Using Behavioral Similarity for Botnet Command-and-Control Discovery
| Field | Value |
|---|---|
| Authors | Jan Kohout, Jan Stiborek, Martin Rehak, Jan Jusko, Tomas Pevny |
| Year of publication | 2016 |
| Subject | Computer Networks and Communications; Computer science; business.industry; Network security; Botnet; 02 engineering and technology; Machine learning; computer.software_genre; Computer security; Behavioral modeling; Artificial Intelligence; 020204 information systems; Server; Threat model; 0202 electrical engineering, electronic engineering, information engineering; Command and control; Malware; 020201 artificial intelligence & image processing; Algorithm design; Artificial intelligence; business; computer |
| Source | IEEE Intelligent Systems. 31:16-22 |
| ISSN | 1941-1294, 1541-1672 |
| DOI | 10.1109/mis.2016.88 |
| Description | Malware authors and operators typically collaborate to achieve the optimal profit. They also frequently change their behavior and resources to avoid detection. The authors propose a social similarity metric that exploits these relationships to improve the effectiveness and stability of the threat propagation algorithm typically used to discover malicious collaboration. Furthermore, they propose behavioral modeling as a way to group similarly behaving servers, enabling extension of the ground truth that is so expensive to obtain in the field of network security. The authors also show that seeding the threat propagation algorithm from a set of coherently behaving servers (instead of from a single known malicious server identified by threat intelligence) makes the algorithm far more effective and significantly more robust, without compromising the precision of findings. |
| Database | OpenAIRE |
| External link | |