Inferring internet-scale infections by correlating malware and probing activities

Authors: Elias Bou-Harb, Claude Fachkha, Mourad Debbabi, Chadi Assi

DOI: 10.1109/ICC.2014.6883391

Abstract: This paper presents a new approach to infer malware-infected machines by solely analyzing their generated probing activities. In contrast to other adopted methods, the proposed approach does not rely on symptoms of infection to detect compromised machines, which allows the inference of malware infections at very early stages of contamination. The approach aims at detecting whether machines are infected or not, as well as pinpointing the exact malware type/family if they were found to be compromised. The latter insights allow network security operators of diverse organizations, Internet service providers and backbone networks to promptly identify their clients' compromised machines, in addition to effectively providing them with tailored anti-malware/patch solutions. To achieve the intended goals, the approach exploits the darknet space and employs statistical methods to infer large-scale probing activities. Subsequently, such activities are correlated with malware samples by leveraging fuzzy hashing and entropy-based techniques. The approach is empirically evaluated using 60 GB of real darknet traffic and 65 thousand malware samples. The results concur that the rationale of exploiting probing activities for worldwide early infection detection is indeed promising. Further, they demonstrate that the extracted inferences exhibit noteworthy accuracy and can generate significant cyber security intelligence that could be used for effective mitigation.
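The abstract describes the pipeline only at a high level: isolate probing sources in darknet traffic, fingerprint them, and correlate the fingerprints with malware samples using entropy-based techniques. The following is an added illustration of that idea, written for this page; it is not the authors' code and does not reproduce the paper's statistical inference step or its fuzzy-hashing comparison. The three features (normalized destination-port entropy, normalized destination-address entropy, and the fraction of strictly sequential address steps), the minimum-flow cut-off, the distance threshold, the profile table standing in for fingerprints extracted from malware samples, and every flow in the trace are constructed assumptions. Addresses are taken from the TEST-NET documentation ranges.

```python
"""Entropy-based probing fingerprints correlated with malware probing profiles.

Illustrative example added to this page (not the paper's implementation).
All traffic, features, profiles and thresholds below are constructed.
"""
import math
from collections import Counter, defaultdict
from ipaddress import ip_address

# Constructed darknet observations: (source, destination, destination_port).
DARKNET_FLOWS = (
    # 198.51.100.7: sequential sweep of one /24 on a single port
    [("198.51.100.7", f"203.0.113.{i}", 445) for i in range(1, 21)]
    # 198.51.100.9: scattered targets on scattered ports
    + [("198.51.100.9", d, p) for d, p in zip(
        ["203.0.113.201", "203.0.113.17", "203.0.113.99", "203.0.113.5",
         "203.0.113.150", "203.0.113.73", "203.0.113.210", "203.0.113.33",
         "203.0.113.120", "203.0.113.61", "203.0.113.188", "203.0.113.9"],
        [80, 22, 8080, 443, 3389, 21, 25, 110, 53, 1433, 5900, 6379])]
    # 198.51.100.11: scattered targets, one port, one adjacent address pair
    + [("198.51.100.11", d, 23) for d in
       ["203.0.113.40", "203.0.113.41", "203.0.113.7", "203.0.113.130",
        "203.0.113.88", "203.0.113.2", "203.0.113.175", "203.0.113.66"]]
    # 198.51.100.13: one destination, two ports alternating (matches nothing)
    + [("198.51.100.13", "203.0.113.77", p) for p in [445, 139] * 3]
    # 198.51.100.15: too few hits to be treated as a probe
    + [("198.51.100.15", "203.0.113.10", 80), ("198.51.100.15", "203.0.113.11", 80)]
)

MIN_FLOWS = 5       # constructed cut-off: fewer darknet hits are not called probing
MAX_DISTANCE = 0.35  # constructed threshold for accepting a profile match
FEATURES = ("port_entropy", "addr_entropy", "sequential")

# Constructed stand-ins for fingerprints derived from sandboxed malware samples.
# top_port None means the sample shows no dominant port.
MALWARE_PROFILES = {
    "sample_A": {"port_entropy": 0.0, "addr_entropy": 1.0, "sequential": 1.0, "top_port": 445},
    "sample_B": {"port_entropy": 0.0, "addr_entropy": 1.0, "sequential": 0.0, "top_port": 23},
    "sample_C": {"port_entropy": 1.0, "addr_entropy": 1.0, "sequential": 0.0, "top_port": None},
}


def normalized_entropy(values):
    """Shannon entropy of the observed distribution scaled to [0, 1] by log2(n):
    0 when every observation is identical, 1 when all n are distinct."""
    n = len(values)
    if n < 2:
        return 0.0
    h = -sum((c / n) * math.log2(c / n) for c in Counter(values).values())
    return h / math.log2(n)


def sequential_ratio(dests):
    """Fraction of consecutive destination addresses that step by exactly +1."""
    ints = [int(ip_address(d)) for d in dests]
    if len(ints) < 2:
        return 0.0
    return sum(1 for a, b in zip(ints, ints[1:]) if b - a == 1) / (len(ints) - 1)


def fingerprint(flows):
    """Feature vector for one source's darknet hits, in observation order."""
    dests = [d for _, d, _ in flows]
    ports = [p for _, _, p in flows]
    return {"port_entropy": normalized_entropy(ports),
            "addr_entropy": normalized_entropy(dests),
            "sequential": sequential_ratio(dests),
            "top_port": Counter(ports).most_common(1)[0][0]}


def probing_sources(flows, min_flows=MIN_FLOWS):
    """Group hits by source and fingerprint the sources that cross the cut-off."""
    by_src = defaultdict(list)
    for f in flows:
        by_src[f[0]].append(f)
    return {s: fingerprint(fl) for s, fl in by_src.items() if len(fl) >= min_flows}


def distance(fp, profile):
    """Euclidean distance over the numeric features; a profile pinned to one
    port is pushed out of range unless the probe is dominated by that port."""
    d = math.sqrt(sum((fp[k] - profile[k]) ** 2 for k in FEATURES))
    if profile["top_port"] is not None and profile["top_port"] != fp["top_port"]:
        d += 1.0
    return d


def correlate(fp, profiles=MALWARE_PROFILES, max_distance=MAX_DISTANCE):
    """Closest profile, or None when nothing is within the threshold."""
    best = min(profiles, key=lambda name: distance(fp, profiles[name]))
    return best if distance(fp, profiles[best]) <= max_distance else None


def infer_infections(flows=DARKNET_FLOWS):
    """Map each probing source to the malware profile it correlates with."""
    return {src: correlate(fp) for src, fp in probing_sources(flows).items()}


if __name__ == "__main__":
    for src, fp in probing_sources(DARKNET_FLOWS).items():
        shown = {k: (round(v, 3) if isinstance(v, float) else v) for k, v in fp.items()}
        print(src, shown, "->", correlate(fp))
```

Two design points carry over to real data. First, the threshold matters as much as the features: the single-target, alternating-port source is left uncorrelated rather than snapped to its nearest profile, which is the behaviour an operator wants before telling a customer which family they are running. Second, the minimum-flow cut-off is a crude stand-in for the statistical inference of probing the abstract refers to; on a real darknet it would also have to separate backscatter and misconfiguration traffic, which this constructed trace does not contain.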

References (22)
Evan Cooke, Michael Bailey, Farnam Jahanian, Richard Mortier, "The dark oracle: perspective-aware unused and unreachable address discovery," Networked Systems Design and Implementation (NSDI), pp. 8-8, 2006.
Michael Bailey, Evan Cooke, Farnam Jahanian, Jose Nazario, David Watson, "The Internet Motion Sensor: A Distributed Blackhole Monitoring System," Network and Distributed System Security Symposium (NDSS), 2005.
Masashi Eto, Kotaro Sonoda, Daisuke Inoue, Katsunari Yoshioka, Koji Nakao, "A Proposal of Malware Distinction Method Based on Scan Patterns Using Spectrum Analysis," International Conference on Neural Information Processing (ICONIP), pp. 565-572, 2009, doi:10.1007/978-3-642-10684-2_63.
Koji Nakao, Daisuke Inoue, Masashi Eto, Katsunari Yoshioka, "Practical Correlation Analysis between Scan and Malware Profiles against Zero-Day Attacks Based on Darknet Monitoring," IEICE Transactions on Information and Systems, vol. E92-D, pp. 787-798, 2009, doi:10.1587/transinf.E92.D.787.
Hubert W. Lilliefors, "On the Kolmogorov-Smirnov Test for Normality with Mean and Variance Unknown," Journal of the American Statistical Association, vol. 62, pp. 399-402, 1967, doi:10.2307/2283970.
Elias Bou-Harb, Mourad Debbabi, Chadi Assi, "A Statistical Approach for Fingerprinting Probing Activities," International Conference on Availability, Reliability and Security (ARES), pp. 21-30, 2013, doi:10.1109/ARES.2013.9.
Eric Wustrow, Manish Karir, Michael Bailey, Farnam Jahanian, Geoff Huston, "Internet background radiation revisited," Internet Measurement Conference (IMC), pp. 62-74, 2010, doi:10.1145/1879141.1879149.
Rob Sloan, "Advanced Persistent Threat," Engineering & Technology Reference, vol. 1, 2014, doi:10.1049/ETR.2014.0025.
Claude Fachkha, Elias Bou-Harb, Amine Boukhtouta, Son Dinh, Farkhund Iqbal, Mourad Debbabi, "Investigating the dark cyberspace: Profiling, threat-based analysis and correlation," International Conference on Risks and Security of Internet and Systems (CRiSIS), pp. 1-8, 2012, doi:10.1109/CRISIS.2012.6378947.
Wenke Lee, Dong Xiang, "Information-theoretic measures for anomaly detection," IEEE Symposium on Security and Privacy, pp. 130-143, 2001, doi:10.1109/SECPRI.2001.924294.