Clustering Top-10 malware/bots based on download behavior

Malware can spread over the Internet to victim computers, especially via download mechanisms. This work attempts to cluster the download behavior of the Top-10 malware/bots based on the 2010 and 2011 CCC (Cyber Clean Center) datasets. The datasets contain more than one million download logs collected from several independent honeypots in Japan to observe malware/bot traffic and activities. Although the daily and hourly patterns are quite similar in 2010, those of 2011 are quite different. As a result, the proposed Integral Correlation Coefficient can cluster the Top-10 malware/bots into 3 and 4 groups in 2010 and 2011, respectively.
