Temporal behavior analysis of malware/bot downloads using top-10 processing

Nowadays, malware can be spread over the Internet by using botnets to download it. This preliminary work presents the temporal download behavior of the Top-10 malware in the 2010 and 2011 CCC (Cyber Clean Center) datasets, measured as the number of downloads per day and per hour. The datasets contain download logs from several independent honeypots in Japan that observe malware traffic and its activities. Our results show sequences and similar patterns of malware downloads in 2010. In contrast, the behavior in 2011 is quite different from that of 2010: no obvious sequences or patterns can be detected.
