Poster: Towards identifying early indicators of a malware infection

A malware goes through multiple stages in its life-cycle at the target machine before mounting its expected attack. The entire life-cycle can span anywhere from a few weeks to several months. The network communications during the initial phase could be the earliest indicators of a malware infection. While prior works have leveraged network traffic, none have focused on the temporal analysis of how early can the malware be detected. The main challenges here are the difficulty in differentiating benign-looking malware communications in the early stages of the malware life-cycle. In our quest to build an early warning system, we analyze malware communications to identify such early indicators.