Identifying infected users via network traffic

“…First, some researchers examined the differences between users regarding their browsing habits and the corresponding needs for personalized protection [1,[4][5][6][7][8][9][10][11]. Second, several systems addressed the benefit of having a proactive or predictive approach rather than a reactive one; taking action only once the attack occurred could lower the effectiveness of blocking the malware [3,4,8,[12][13][14][15]. Third, some projects considered the need to maintain a low level of privacy invasion while supplying means of protection to the users [8].…”

“…Second, several systems addressed the benefit of having a proactive or predictive approach rather than a reactive one; taking action only once the attack occurred could lower the effectiveness of blocking the malware [3,4,8,[12][13][14][15]. Third, some projects considered the need to maintain a low level of privacy invasion while supplying means of protection to the users [8]. However, most systems still require a great deal of information regarding the user's activity for their risk evaluation.…”

“…The differences between users, both in terms of behavior and personal characteristics (e.g., country and age), govern their risk of becoming infected [1,[4][5][6][7][8][9][10][11]. Ovelgönne et al [6] collected data from 1.6 million users over eight months and analyzed the binaries installed on the users' computers to determine their infection risk.…”

“…For a security system to be proactive, it needs to predict the level of risk or forecast an upcoming malware attack. The subject of predicting the risk of infection has been addressed in several studies [3,4,8,[12][13][14][15]. Bilge et al [13] achieved excellent results in predicting infections by analyzing the binaries installed on users' computers and identifying ones that are more likely to be attacked.…”

“…Kang et al [12] combined behavior-related and malware-related features from their data and epidemic modeling to predict malware infections in different countries. Other studies predicted infections according to wireless traffic data [8], or according to browsing activity [3,4,11]. Ben Neria et al [11] proposed a personalized security framework that focuses on users' browsing behavior and combines two models: one that evaluates each user's risk level and another that evaluates the risk level of each web page.…”

Co-similar malware infection patterns as a predictor of future risk

“…First, some researchers examined the differences between users regarding their browsing habits and the corresponding needs for personalized protection [1,[4][5][6][7][8][9][10][11]. Second, several systems addressed the benefit of having a proactive or predictive approach rather than a reactive one; taking action only once the attack occurred could lower the effectiveness of blocking the malware [3,4,8,[12][13][14][15]. Third, some projects considered the need to maintain a low level of privacy invasion while supplying means of protection to the users [8].…”

“…Second, several systems addressed the benefit of having a proactive or predictive approach rather than a reactive one; taking action only once the attack occurred could lower the effectiveness of blocking the malware [3,4,8,[12][13][14][15]. Third, some projects considered the need to maintain a low level of privacy invasion while supplying means of protection to the users [8]. However, most systems still require a great deal of information regarding the user's activity for their risk evaluation.…”

“…The differences between users, both in terms of behavior and personal characteristics (e.g., country and age), govern their risk of becoming infected [1,[4][5][6][7][8][9][10][11]. Ovelgönne et al [6] collected data from 1.6 million users over eight months and analyzed the binaries installed on the users' computers to determine their infection risk.…”

“…For a security system to be proactive, it needs to predict the level of risk or forecast an upcoming malware attack. The subject of predicting the risk of infection has been addressed in several studies [3,4,8,[12][13][14][15]. Bilge et al [13] achieved excellent results in predicting infections by analyzing the binaries installed on users' computers and identifying ones that are more likely to be attacked.…”

“…Kang et al [12] combined behavior-related and malware-related features from their data and epidemic modeling to predict malware infections in different countries. Other studies predicted infections according to wireless traffic data [8], or according to browsing activity [3,4,11]. Ben Neria et al [11] proposed a personalized security framework that focuses on users' browsing behavior and combines two models: one that evaluates each user's risk level and another that evaluates the risk level of each web page.…”

Co-similar malware infection patterns as a predictor of future risk

Convolutional Recurrent Neural Networks for Computer Network Analysis

Unsupervised Machine Learning-Based Elephant and Mice Flow Identification