
Ringer: Systematic Mining of Malicious Domains by Dynamic Graph Convolutional Network [chapter]

Zhicheng Liu, Shuhao Li, Yongzheng Zhang, Xiaochun Yun, Chengwei Peng
2020 Lecture Notes in Computer Science  
There are three limitations in previous methods over domain classification: (1) solely based on local domain features, which tend to be not robust enough; (2) lack of a large amount of ground truth for  ...  Notably, instead of global static learning, we adopt a time-based hash to cut graphs into small ones and inductively learn the embedding of nodes according to selectively sampled neighbors.  ...  Zhou Yue, who helped me a lot during the writing of this thesis. The corresponding author of this paper is Shuhao Li.  ... 
doi:10.1007/978-3-030-50420-5_28 fatcat:bavfvhtfgrbbhext55xrfeocgm

A Survey on Malicious Domains Detection through DNS Data Analysis

Yury Zhauniarovich, Issa Khalil, Ting Yu, Marc Dacier
2018 ACM Computing Surveys  
Due to the important role of the Domain Name System (DNS), extensive research has been conducted to identify malicious domains based on their unique behavior reflected in different phases of the life cycle  ...  In each aspect, we discuss the important challenges that the research community should address in order to fully realize the power of DNS data analysis to fight against attacks leveraging malicious domains  ...  That is, evaluating based on a ground truth collected from one source may differ from that based on a ground truth collected from another.  ... 
doi:10.1145/3191329 fatcat:lbtstk4zirabxiixxrqtv5oehi

Detection of stealthy malware activities with traffic causality and scalable triggering relation discovery

Hao Zhang, Danfeng Daphne Yao, Naren Ramakrishnan
2014 Proceedings of the 9th ACM symposium on Information, computer and communications security - ASIA CCS '14  
We use these triggering relations to reason about the occurrences of network events and to pinpoint stealthy malware activities. We define a new problem of triggering relation discovery of network events.  ...  Our new approach efficiently discovers the underlying triggering relations of a massive amount of network events.  ...  It is the percentage of events whose roots in the constructed triggering relation graph are correct with respect to the ground truth.  ... 
doi:10.1145/2590296.2590309 dblp:conf/ccs/ZhangYR14 fatcat:kffyvrimzrca5laimnsovbcbv4

Causality reasoning about network events for detecting stealthy malware activities

Hao Zhang, Danfeng (Daphne) Yao, Naren Ramakrishnan, Zhibin Zhang
2016 Computers & security  
based on a triggering relation graph.  ...  Existing security solutions rely heavily on the recognition of known code or behavior signatures, which are incapable of detecting new malware patterns.  ...  The pairwise accuracy is evaluated with respect to the ground truth. • The root-trigger correctness rate is computed based on the root of a node.  ... 
doi:10.1016/j.cose.2016.01.002 fatcat:y4dusp2bqbcu5kwr6wjue3i7qu

Catching Worms, Trojan Horses and PUPs: Unsupervised Detection of Silent Delivery Campaigns [article]

Bum Jun Kwon, Virinchi Srinivas, Amol Deshpande, Tudor Dumitraş
2016 arXiv pre-print
The growing commoditization of the underground economy has given rise to malware delivery networks, which charge fees for quickly delivering malware or unwanted software to a large number of hosts.  ...  By exploiting novel techniques and empirical observations, Beewolf can operate on streaming data.  ...  Ground Truth Data While ground truth for malware delivery campaigns is currently unavailable, we collect ground truth about executables from multiple sources. VirusTotal.  ... 
arXiv:1611.02787v1 fatcat:megjkbueezgkrpdouj5w2wcq34

Systematic Mining of Associated Server Herds for Malware Campaign Discovery

Jialong Zhang, Sabyasachi Saha, Guofei Gu, Sung-Ju Lee, Marco Mellia
2015 IEEE 35th International Conference on Distributed Computing Systems
Instead of focusing on detecting individual malicious domains, we propose a complementary approach to identify a group of closely related servers that are potentially involved in the same malware campaign  ...  Our solution, SMASH (Systematic Mining of Associated Server Herds), utilizes an unsupervised framework to infer malware ASHs by systematically mining the relationships among all servers from multiple dimensions  ...  Ground Truth To estimate the false positives and negatives of our inference results, we use the following data set as the ground truth.  ... 
doi:10.1109/icdcs.2015.70 dblp:conf/icdcs/ZhangSGLM15 fatcat:d4xvfbpd4rafzn7hhxfjokmaaa

Discovering Malicious Domains through Passive DNS Data Graph Analysis

Issa Khalil, Ting Yu, Bei Guan
2016 Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security - ASIA CCS '16  
For the second challenge, we develop a graph-based inference technique over associated domains.  ...  The general approach is to build classifiers based on DNS-related local domain features.  ...  Table 2 shows the statistics of the ground truth for the domain graphs of the one-week and two-week datasets.  ... 
doi:10.1145/2897845.2897877 dblp:conf/ccs/KhalilYG16 fatcat:zfkatykcdbdmhbjle53lmqufrm

Behavioral Service Graphs: A formal data-driven approach for prompt investigation of enterprise and internet-wide infections

Elias Bou-Harb, Mark Scanlon
2017 Digital Investigation. The International Journal of Digital Forensics and Incident Response  
The empirical evaluation that employs 10 GB of real botnet traffic and 80 GB of real darknet traffic indeed demonstrates the accuracy, effectiveness and simplicity of the generated network-based evidence  ...  On one hand, the promptness of the approach is successfully achieved by monitoring and correlating perceived probing activities, which are typically the very first signs of an infection or misdemeanors  ...  The ground truth Similar to the previous scenario, there exists a need to have a concrete knowledge about a ground truth to properly evaluate the proposed scheme.  ... 
doi:10.1016/j.diin.2017.02.002 fatcat:lui3baw66jcknhmzseevdxrzc4

PicoDomain: A Compact High-Fidelity Cybersecurity Dataset [article]

Craig Laprade, Benjamin Bowman, H. Howie Huang
2020 arXiv pre-print
Unfortunately, current cybersecurity datasets either offer no ground truth or do so with anonymized data.  ...  As larger percentages of businesses and governments begin to understand the implications of cyberattacks, the impetus for better cybersecurity solutions has increased.  ...  Additionally, currently available large datasets either offer no ground truth (i.e. ISP level Netflow) or offer ground truth but are heavily anonymized (i.e. LANL 2015) [2] .  ... 
arXiv:2008.09192v1 fatcat:476kig5cenfr3khtzmmvg4d4sq

The Shape of Alerts: Detecting Malware Using Distributed Detectors by Robustly Amplifying Transient Correlations [article]

Mikhail Kazdagli and Constantine Caramanis and Sanjay Shakkottai and Mohit Tiwari
2018 arXiv pre-print
Structural: actions such as visiting a website (waterhole attack) by nodes correlate well with malware spread, and create dynamic neighborhoods of nodes that were exposed to the same attack vector.  ...  We introduce a new malware detector - Shape-GD - that aggregates per-machine detectors into a robust global detector. Shape-GD is based on two insights: 1.  ...  Though file-level VirusTotal reports contain results of signature-based malware detection, we do not use them for within Shape-GD (except for computing the ground truth).  ... 
arXiv:1803.00883v1 fatcat:iyaabzrrmnfebewk5smic2kpfi

Error-Sensor: Mining Information from HTTP Error Traffic for Malware Intelligence [chapter]

Jialong Zhang, Jiyong Jang, Guofei Gu, Marc Ph. Stoecklin, Xin Hu
2018 Lecture Notes in Computer Science  
In this paper, we present the results of the first large-scale measurement study investigating the different network behaviors of both benign user/software and malware in light of HTTP errors.  ...  Based on the insights, we design a new system, Error-Sensor, to automatically detect traffic caused by malware from only HTTP errors and their surrounding successful requests.  ...  Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of NSF.  ... 
doi:10.1007/978-3-030-00470-5_22 fatcat:st66nhjwx5ejjnxn2rxarzg7oy

Toward a standard benchmark for computer security research

Tudor Dumitras, Darren Shou
2011 Proceedings of the First Workshop on Building Analysis Datasets and Gathering Experience Returns for Security - BADGERS '11  
WINE includes representative field data, collected worldwide from 240,000 sensors, for new empirical studies, and it will enable the validation of research on all the phases in the lifecycle of security  ...  We propose the Worldwide Intelligence Network Environment (WINE), a security-benchmarking approach based on rigorous experimental methods.  ...  Acknowledgments We thank Roy Maxion, Dave Brumley, Jon McCune, Ahren Studer, Jim Newsome and Marc Dacier for their early feedback on the ideas presented in this paper.  ... 
doi:10.1145/1978672.1978683 dblp:conf/badgers/DumitrasS11 fatcat:jwikl2e6bnhr7mmwwvarngynjq

Reading the Tea leaves: A Comparative Analysis of Threat Intelligence

Vector Guo Li, Matthew Dunn, Paul Pearce, Damon McCoy, Geoffrey M. Voelker, Stefan Savage
2019 USENIX Security Symposium  
The entirely reasonable premise is that, by compiling up-to-date information about known threats (i.e., IP addresses, domain names, file hashes, etc.), recipients of such information may be able to better  ...  Further, we ground our quantitative assessments using external measurements to qualitatively investigate issues of coverage and accuracy.  ...  We are also very grateful to Alberto Dainotti and Alistair King for sharing the UCSD telescope data and helping us with the analysis, Gautam Akiwate for helping us query the domain data, and Matt Jonkman  ... 
dblp:conf/uss/LiDPMVS19 fatcat:ewgab2h7kjadnatklo6ivbmetq

Precise system-wide concatic malware unpacking [article]

David Korczynski
2019 arXiv pre-print
The problem has received much attention, and so far, solutions based on dynamic analysis have been the most successful.  ...  Together, these novelties amplify the generality and precision of automatic unpacking and make the output of Minerva highly usable.  ...  with the ground-truth samples in benchmark set #1.  ... 
arXiv:1908.09204v1 fatcat:r7ivlcxpj5h5lp2jnatld5dfyq

A Survey on Threat Situation Awareness Systems: Framework, Techniques, and Insights [article]

Hooman Alavizadeh, Julian Jang-Jaccard, Simon Yusuf Enoch, Harith Al-Sahaf, Ian Welch, Seyit A. Camtepe, Dong Seong Kim
2021 arXiv pre-print
This paper provides a comprehensive study on the current state-of-the-art in the cyber SA to discuss the following aspects of SA: key design principles, framework, classifications, data collection, and  ...  analysis of the techniques, and evaluation methods.  ...  MBIE) of New Zealand as a part of the Catalyst Strategy Funds under Grant MAUX1912.  ... 
arXiv:2110.15747v1 fatcat:zboddcg4a5gdxmq5hqmo5cpj34