A Comprehensive Analysis of Today’s Malware and Its Distribution Network: Common Adversary Strategies and Implications

Huh, Siwon; Cho, Seonghwan; Choi, Jin‐Ho; Shin, Seungwon; Lee, Hojoon

doi:10.1109/access.2022.3171226

Cited by 9 publications

(3 citation statements)

References 53 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…MDNs comprise networks of various sizes. These networks consist of landing sites, redirects, exploit kits (EKs), and malware [1][2][3][4]. Here, the exploit kits, such as RIG and Redkit, exploit the users' PCs.…”

Section: Introductionmentioning

confidence: 99%

Methodology to find malware super-spreader on the web infrastructure

Kim

2023

Preprint

View full text Add to dashboard Cite

The Internet is an open platform and provides a diffusion network, thus enabling easy malware dissemination. Prior studies have focused on how social networking sites such as Facebook or Twitter are harnessed for diffusing malware extensively. They have also analyzed various inter-correlations between follower-followee in malware delivery behaviors. However, the findings cannot sufficiently explain malware distribution networks. The aim of this study is to find high-degree nodes that perform core roles in spreading malware on malware distribution networks. To do so, I first built a system to gather malicious URLs that participated in malware distribution. Second, I comprehensively learned the properties of malicious URLs. For instance, attackers construct the geolocation between landing sites that users first access and exploit sites that launch attacks in a different manner. Different geographic locations make it difficult for defenders to detect and block core malicious URLs. Hence, defenders need to search for other malicious URLs at possible control locations. Third, all websites involved in malware distribution were reconstructed into a network with nodes. Each node was assigned a risk. For instance, the contamination rate of malware that propagates through Google with many users definitely differs from that of websites with few users. Based on this approach, a method for measuring the overall risk of malware distribution networks was proposed. This model helps in finding significant nodes that largely influence malware diffusion.

show abstract

Section: Introductionmentioning

confidence: 99%

Methodology to find malware super-spreader on the web infrastructure

Kim

2023

Preprint

View full text Add to dashboard Cite

show abstract

“…Due to these limitations, machine learning-based techniques have been used to identify the bots that behave like normal connections and generate legitimate traffics. Many studies have surveyed the available botnet detection techniques and found that machine learning-based techniques can detect real-world botnets regardless of botnet protocol and structure with a very low false-positive rate [8], [30], [28], [29].…”

Section: Introductionmentioning

confidence: 99%

On Feature Selection Algorithms for Effective Botnet Detection

Afroz

Ibnath²,

Rahman³

et al. 2023

Lecture Notes in Computer Science

View full text Add to dashboard Cite

On Feature Selection Algorithms for Effective Botnet Detection the features based on their similarity in patterns and checking all combinations within the groups of small number of features which improves the time complexity by a large margin. Through experiments we show the efficacy of the proposed feature selection heuristics. The result shows that some heuristics outperform state-of-the-art feature selection algorithms.

show abstract

Section: Introductionmentioning

confidence: 99%

On Feature Selection Algorithms for Effective Botnet Detection

Afroz

Ibnath

Rahman

et al. 2022

Preprint

View full text Add to dashboard Cite

The threats of botnets are becoming a growing concern infecting more and more computers every day. Although botnets can be detected from their behavioral patterns, it is becoming more challenging to differenti-ate the behavior between the malicious traffic and the legitimate trafficas with the advancement of the technologies the malicious traffics are fol-lowing the similar behavioral patterns of benign traffics. The detectionof malicious traffic largely depends on the traffic features that are beingused to feed in the detection process. Selecting the best features for effec-tive botnet detection is the main contribution of this paper. At the verybeginning, we show the impact of different features on botnet detectionprocess. Then we propose several heuristics to select the best featuresfrom a handful of possible features. Some proposed heuristics are trulyfeature-based and some are group-based, thus generating different accu-racy levels. We also analyze time complexity of each heuristic and providea detailed performance analysis. As working with all combinations of alarge number of features is not feasible, some heuristics work by groupingthe features based on their similarity in patterns and checking all combi-nations within the groups of small number of features which improves thetime complexity by a large margin. Through experiments we show the efficacy of the proposed feature selection heuristics. The result shows thatsome heuristics outperform state-of-the-art feature selection algorithms.

show abstract

A Comprehensive Analysis of Today’s Malware and Its Distribution Network: Common Adversary Strategies and Implications

Cited by 9 publications

References 53 publications

Methodology to find malware super-spreader on the web infrastructure

Methodology to find malware super-spreader on the web infrastructure

On Feature Selection Algorithms for Effective Botnet Detection

On Feature Selection Algorithms for Effective Botnet Detection

Contact Info

Product

Resources

About