Nothing but Net: Leveraging macOS's Networking Frameworks to Heuristically Detect Malware

As the majority of malware contains networking capabilities, it is well understood that detecting unauthorized network access is a powerful detection heuristic. However, while the concepts of network traffic analysis and monitoring to detect malicious code are well established and widely implemented on platforms such as Windows, there remains a dearth of such capabilities on macOS.

This talk aims to remedy this situation by delving deeply into a myriad of programmatic approaches capable of enumerating network state, statistics, and traffic, …

access analysis capabilities code concepts detect detection detect malware frameworks macos malicious malware monitoring network network access networking network traffic network traffic analysis nothing platforms traffic traffic analysis unauthorized windows