Detection of malicious webmail attachments based on propagation patterns

Authors: Yehonatan Cohen, Danny Hendler, Amir Rubin

DOI: 10.1016/J.KNOSYS.2017.11.011

Abstract: Email remains one of the key media used by cybercriminals for distributing malware. Based on a large data set consisting of antivirus telemetry reports, we conduct the first comprehensive study of the properties of malicious webmail attachments. We show that they are distinct among the general web-borne malware population in terms of reach (the number of machines to which the malware is downloaded), type and family. Furthermore, these attachments are unique in the manner in which they propagate through the network. We leverage these findings for defining novel features of propagation patterns. These features are derived from a time-series representation of download rates and from the community structure of graphs that model the network paths through which malware propagates. Based on these features, we implement a detector that provides high-quality detection
