论文信息 - Temporal behaviors of Top-10 malware download in 2010–2012

Temporal behaviors of Top-10 malware download in 2010–2012

Malware can be widely downloaded over the Internet by the bot-infected computers according to their botmaster in order to form a botnet and eventually to perform cyber attacks. This paper analyzes and summarizes the malware download behaviors of Top-10 malware based on 2010 CCC, 2011 CCC and 2012 IIJ MITF datasets. The datasets contain millions of download logs collected from several Honeypots located in Japan observing malware/bot traffic and activities. These log data have been processed and analyzed in terms of daily and hourly downloads based on our Top-10 processing algorithm. As a result, both daily and hourly download patterns in each year are quite different due to different malware families and spreading protocols.

[1] Koji Nakao,et al. Correlation Analysis between Spamming Botnets and Malware Infected Hosts , 2011, 2011 IEEE/IPSJ International Symposium on Applications and the Internet.

[2] Brent Byunghoon Kang,et al. Peer-to-Peer Botnets: Overview and Case Study , 2007, HotBots.

[3] Masashi Fujiwara,et al. Time Zone Correlation Analysis of Malware/Bot Downloads , 2013, IEICE Trans. Commun..

[4] Guofei Gu,et al. BotMiner: Clustering Analysis of Network Traffic for Protocol- and Structure-Independent Botnet Detection , 2008, USENIX Security Symposium.