Cross-layer analysis of malware datasets for malicious campaigns identification

In this paper we investigate the problem of detecting correlations among datasets of malicious data that describe various types of network attacks and related infection events, collected from numerous sources and organizations. We propose a graph-based technique that depicts relationships between malicious records using the values of attributes related both to attackers and to victims and belonging to different layers of the OSI model. The presented model can be used for fast, automatic identification of malware campaigns. The case study described in the paper demonstrates the performance of our method.
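To make the idea of a cross-layer attribute graph concrete, the following Python is an added illustration, not code from the paper or its authors. It builds a graph in which event records from several feeds are linked whenever they share an attribute value, tags each attribute with an OSI layer (layer 3 for IP addresses, layer 4 for ports, layer 7 for domains, URLs and file hashes), and reports connected components as candidate campaigns. The attribute-to-layer mapping, the per-attribute weights, the link threshold, the feed names and all event records are assumptions constructed for the example; the weighting exists to show the caveat a practitioner hits in practice, namely that a widely shared value such as a destination port must not by itself join unrelated events into one campaign.

```python
"""Attribute-sharing graph over multi-source malicious-event records.

Added illustrative example, not code from the paper. Events from
different feeds are linked when they share an attribute value, and
connected components of the resulting graph are reported as candidate
campaigns. All records, weights and layer assignments below are assumed.
"""
from collections import defaultdict
from itertools import combinations

# Assumed mapping of each attribute to the OSI layer it belongs to.
ATTRIBUTE_LAYERS = {
    "src_ip": 3, "dst_ip": 3, "dst_port": 4,
    "domain": 7, "url": 7, "sha256": 7,
}

# Assumed weights: how much evidence a shared value gives that two events
# belong together. A destination port is weak, a sample hash is strong.
ATTRIBUTE_WEIGHTS = {
    "src_ip": 1.0, "dst_ip": 0.5, "dst_port": 0.2,
    "domain": 1.0, "url": 1.0, "sha256": 1.0,
}
LINK_THRESHOLD = 1.0  # assumed: total shared weight needed to draw an edge

# Constructed sample events from hypothetical feeds (documentation IPs).
EVENTS = [
    {"id": "e1", "source": "honeypot", "src_ip": "198.51.100.7", "dst_port": 445, "sha256": "aaa111"},
    {"id": "e2", "source": "sandbox", "sha256": "aaa111", "domain": "update-cdn.example",
     "url": "http://update-cdn.example/p.bin"},
    {"id": "e3", "source": "dns_sinkhole", "domain": "update-cdn.example", "src_ip": "203.0.113.44"},
    {"id": "e4", "source": "ids", "src_ip": "203.0.113.44", "dst_port": 22},
    {"id": "e5", "source": "honeypot", "src_ip": "192.0.2.9", "dst_port": 3389, "sha256": "bbb222"},
    {"id": "e6", "source": "sandbox", "sha256": "bbb222", "domain": "login-portal.example"},
    # Shares only port 445 with e1: too weak to be linked on its own.
    {"id": "e7", "source": "ids", "src_ip": "192.0.2.200", "dst_port": 445},
]


def shared_attribute_edges(events, weights=ATTRIBUTE_WEIGHTS):
    """Return {(id_a, id_b): {attr: value}} for every pair sharing a value."""
    index = defaultdict(list)  # (attr, value) -> event ids carrying it
    for ev in events:
        for attr in weights:
            if attr in ev:
                index[(attr, ev[attr])].append(ev["id"])
    edges = defaultdict(dict)
    for (attr, value), ids in index.items():
        for a, b in combinations(sorted(ids), 2):
            edges[(a, b)][attr] = value
    return dict(edges)


def edge_weight(shared, weights=ATTRIBUTE_WEIGHTS):
    """Sum of weights of the attributes two events share."""
    return sum(weights[attr] for attr in shared)


def identify_campaigns(events, weights=ATTRIBUTE_WEIGHTS, threshold=LINK_THRESHOLD):
    """Connected components over edges at or above the threshold.

    Returns (campaigns, kept_edges): campaigns is a list of sorted member-id
    lists, kept_edges the edges that actually contributed to the grouping.
    """
    parent = {ev["id"]: ev["id"] for ev in events}

    def find(x):  # union-find with path halving
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    kept = {}
    for (a, b), shared in shared_attribute_edges(events, weights).items():
        if edge_weight(shared, weights) >= threshold:
            parent[find(a)] = find(b)
            kept[(a, b)] = shared
    groups = defaultdict(set)
    for ev in events:
        groups[find(ev["id"])].add(ev["id"])
    campaigns = sorted((sorted(g) for g in groups.values()), key=lambda g: g[0])
    return campaigns, kept


def campaign_report(events, weights=ATTRIBUTE_WEIGHTS, threshold=LINK_THRESHOLD):
    """Per campaign: member ids, contributing feeds, and OSI layers that linked them."""
    by_id = {ev["id"]: ev for ev in events}
    campaigns, kept = identify_campaigns(events, weights, threshold)
    report = []
    for members in campaigns:
        mset = set(members)
        layers = sorted({ATTRIBUTE_LAYERS[attr]
                         for (a, _b), shared in kept.items() if a in mset
                         for attr in shared})
        sources = sorted({by_id[m]["source"] for m in members})
        report.append({"members": members, "sources": sources, "layers": layers})
    return report


if __name__ == "__main__":
    for entry in campaign_report(EVENTS):
        print(entry)
```

With the constructed records, e1 to e4 form one candidate campaign that spans four feeds and is held together by layer-7 evidence (a sample hash and a domain) plus a layer-3 source address, e5 and e6 form a second, and e7 stays alone because a shared port 445 scores below the threshold. Raising the port weight or lowering the threshold is the kind of tuning that decides whether the graph reveals campaigns or merely reflects which services are commonly attacked.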
