Potential Risk Analysis Method for Malware Distribution Networks

Kim, Do-Hoon

doi:10.1109/access.2019.2960552

Cited by 9 publications

(8 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Newman et al [14] conducted an empirical study investigating the email network structure to examine what nodes can significantly contribute to spreading computer viruses. Kim [17] measured the risk of websites exposing security vulnerability (e.g., malware, fake infectious sites) based on degree, betweenness, eigenvector, and closeness.…”

Section: Communication Networkmentioning

confidence: 99%

“…In-degree; out-degree; degree; betweenness; eigenvector centrality; closeness centrality [9], [15], [17], [14], [16] Geographic Networks…”

Section: Community Detectionmentioning

confidence: 99%

“…Since the 2000s, centrality metrics have grown in significance in communication networks as network resilience and cybersecurity concerns have become more prominent. The most common centrality metrics are degree [9], [14], betweenness [15], [16], eigenvector [17], closeness [18], pagerank [19], and so forth. However, given the rich volume of existing centrality metrics studied in other scientific fields for decades, their merits and relevant usages have been insufficiently appreciated and leveraged in various communication and network domains.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

A Survey on Centrality Metrics and Their Network Resilience Analysis

et al. 2021

View full text Add to dashboard Cite

Centrality metrics have been studied in the network science research. They have been used in various networks, such as communication, social, biological, geographic, or contact networks under different disciplines. In particular, centrality metrics have been used in order to study and analyze targeted attack behaviors and investigated their effect on network resilience. Although a rich volume of centrality metrics has been developed from 1940s, only some centrality metrics (e.g., degree, betweenness, or cluster coefficient) have been commonly in use. This paper aims to introduce various existing centrality metrics and discusses their applicabilities in various networks. In addition, we conducted extensive simulation study in order to demonstrate and analyze the network resilience of targeted attacks using the surveyed centrality metrics under four real network topologies. We also discussed algorithmic complexity of centrality metrics surveyed in this work. Through the extensive experiments and discussions of the surveyed centrality metrics, we encourage their use in solving various computing and engineering problems in networks.

show abstract

Section: Communication Networkmentioning

confidence: 99%

“…In-degree; out-degree; degree; betweenness; eigenvector centrality; closeness centrality [9], [15], [17], [14], [16] Geographic Networks…”

Section: Community Detectionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

A Survey on Centrality Metrics and Their Network Resilience Analysis

et al. 2021

View full text Add to dashboard Cite

show abstract

“…Malware programs such as Conficker and Kraken, which have caused considerable worldwide damage, implement DGAs as one aspect of their capabilities. Moreover, researchers have found improper codes embedded in websites and web-based advertisements that are designed to promote the spread of such malware programs over broad target areas [15,16].…”

Section: Dga Malwarementioning

confidence: 99%

A Word-Level Analytical Approach for Identifying Malicious Domain Names Caused by Dictionary-Based DGA Malware

et al. 2021

View full text Add to dashboard Cite

Computer networks are facing serious threats from the emergence of malware with sophisticated DGAs (Domain Generation Algorithms). This type of DGA malware dynamically generates domain names by concatenating words from dictionaries for evading detection. In this paper, we propose an approach for identifying the callback communications of such dictionary-based DGA malware by analyzing their domain names at the word level. This approach is based on the following observations: These malware families use their own dictionaries and algorithms to generate domain names, and accordingly, the word usages of malware-generated domains are distinctly different from those of human-generated domains. Our evaluation indicates that the proposed approach is capable of achieving accuracy, recall, and precision as high as 0.9989, 0.9977, and 0.9869, respectively, when used with labeled datasets. We also clarify the functional differences between our approach and other published methods via qualitative comparisons. Taken together, these results suggest that malware-infected machines can be identified and removed from networks using DNS queries for detected malicious domain names as triggers. Our approach contributes to dramatically improving network security by providing a technique to address various types of malware encroachment.

show abstract

Section: A Dga Malwarementioning

confidence: 99%

A Superficial Analysis Approach for Identifying Malicious Domain Names Generated by DGA Malware

Satoh

Fukuda

Hayashi

et al. 2020

IEEE Open J. Commun. Soc.

View full text Add to dashboard Cite

Some of the most serious security threats facing computer networks involve malware. To prevent malware-related damage, administrators must swiftly identify and remove the infected machines that may reside in their networks. However, many malware families have domain generation algorithms (DGAs) to avoid detection. A DGA is a technique in which the domain name is changed frequently to hide the callback communication from the infected machine to the command-and-control server. In this paper, we propose an approach for estimating the randomness of domain names by superficially analyzing their character strings. This approach is based on the following observations: human-generated benign domain names tend to reflect the intent of their domain registrants, such as an organization, product, or content. In contrast, dynamically generated malicious domain names consist of meaningless character strings because conflicts with already registered domain names must be avoided; hence, there are discernible differences in the strings of dynamically generated and human-generated domain names. Notably, our approach does not require any prior knowledge about DGAs. Our evaluation indicates that the proposed approach is capable of achieving recall and precision as high as 0.9960 and 0.9029, respectively, when used with labeled datasets. Additionally, this approach has proven to be highly effective for datasets collected via a campus network. Thus, these results suggest that malware-infected machines can be swiftly identified and removed from networks using DNS queries for detected malicious domains as triggers.

show abstract

Potential Risk Analysis Method for Malware Distribution Networks

Cited by 9 publications

References 17 publications

A Survey on Centrality Metrics and Their Network Resilience Analysis

A Survey on Centrality Metrics and Their Network Resilience Analysis

A Word-Level Analytical Approach for Identifying Malicious Domain Names Caused by Dictionary-Based DGA Malware

A Superficial Analysis Approach for Identifying Malicious Domain Names Generated by DGA Malware

Contact Info

Product

Resources

About