
2018 | OriginalPaper | Chapter

Pheromone Model Based Visualization of Malware Distribution Networks

Authors : Yang Cai, Jose Andre Morales, Sihan Wang, Pedro Pimentel, William Casey, Aaron Volkmann

Published in: Computational Science – ICCS 2018

Publisher: Springer International Publishing


Abstract

We present a novel computational pheromone model for describing dynamic network behaviors in terms of transition, persistency, and hosting. The model consists of a three-dimensional force-directed graph with bi-directional pheromone deposit and decay paths. A data compression algorithm is developed to optimize computational performance. We applied the model to the visual analysis of a Malware Distribution Network (MDN), a connected set of maliciously compromised domains used to disseminate malicious software to victimize computers and users. The MDN graphs are extracted from Google Safe Browsing (GSB) report datasets, with malware attributions from VirusTotal. Our research shows that this approach reveals patterns of topological change in the network over time, including the existence of persistent sub-networks and individual top-level domains critical to the successful operation of MDNs, as well as the dynamics of the topological changes on a daily basis. From the visualization, we observed notable clustering effects and also noticed life-span patterns for high-edge-count malware distribution clusters.
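As an added illustration of the deposit-and-decay idea in the abstract (this is not the paper's code; the deposit amount, decay rate, pruning floor, persistence threshold and the daily edge snapshots are all constructed assumptions), the following Python script runs a pheromone model over daily MDN edge observations and reports the persistent edges and the domains that play a hosting role:

```python
# Added example (not the paper's code): a minimal pheromone model over daily
# MDN edge observations. Deposit, decay, pruning floor and persistence
# threshold are assumed values, not figures from the paper.
from collections import defaultdict

DEPOSIT = 1.0            # pheromone added to an edge each day it is observed (assumed)
DECAY = 0.5              # fraction of pheromone an edge keeps per day (assumed)
PRUNE_FLOOR = 0.2        # edges decaying below this are dropped from the state (assumed)
PERSIST_THRESHOLD = 1.5  # final-day level that marks an edge as persistent (assumed)

# Constructed daily snapshots: each day lists (source, target) redirect edges
# between domains, standing in for edges extracted from GSB reports.
DAILY_EDGES = [
    [("a.example", "b.example"), ("b.example", "c.example"), ("x.example", "y.example")],
    [("a.example", "b.example"), ("b.example", "c.example")],
    [("a.example", "b.example"), ("b.example", "c.example"), ("q.example", "r.example")],
    [("a.example", "b.example")],
]

def run_pheromone_model(daily_edges, deposit=DEPOSIT, decay=DECAY, floor=PRUNE_FLOOR):
    """Return one dict per day mapping (src, dst) -> pheromone level.
    Each day all known edges decay, edges below the floor are pruned (the
    state-compression step), then every observed edge receives a deposit."""
    level = defaultdict(float)
    history = []
    for edges in daily_edges:
        for edge in list(level):
            level[edge] *= decay
            if level[edge] < floor:
                del level[edge]
        for edge in edges:
            level[edge] += deposit
        history.append(dict(level))
    return history

def persistent_edges(history, threshold=PERSIST_THRESHOLD):
    """Edges whose final-day pheromone is at or above the threshold: the
    persistent sub-network that survives day-to-day topology churn."""
    return sorted(e for e, lvl in history[-1].items() if lvl >= threshold)

def hosting_scores(history):
    """Per-domain sum of incoming pheromone on the final day; a high score
    marks a domain that persistent redirect paths lead to (a hosting role)."""
    scores = defaultdict(float)
    for (_src, dst), lvl in history[-1].items():
        scores[dst] += lvl
    return dict(scores)
```

With these constructed snapshots the edge seen every day accumulates pheromone while the one-off edge decays below the floor and disappears, which is the persistence-versus-churn contrast the visualization is meant to expose.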

Metadata

Title: Pheromone Model Based Visualization of Malware Distribution Networks
Authors: Yang Cai, Jose Andre Morales, Sihan Wang, Pedro Pimentel, William Casey, Aaron Volkmann
Copyright Year: 2018
DOI: https://doi.org/10.1007/978-3-319-93698-7_5