Title :
Cross-layer analysis of malware datasets for malicious campaigns identification
Author :
Kruczkowski, Michal ; Niewiadomska-Szynkiewicz, Ewa ; Kozakiewicz, Adam
Author_Institution :
Res. & Acad. Comput. Network (NASK), Warsaw, Poland
Abstract :
In this paper, we investigate the problem of detecting correlations among datasets containing malicious data concerning various types of network attacks and related infection events, taken from numerous sources and organizations. We propose a graph-based technique to depict relationships between malicious data based on values of attributes related to both attackers and victims, and referring to different layers of the OSI model. The presented model can be used for fast, automatic identification of malware campaigns. The case study described in the paper demonstrates the performance of our method.
Keywords :
graph theory; invasive software; OSI model; automatic malware campaign identification; cross-layer analysis; graph based technique; malicious campaigns identification; malicious data; malware datasets; network attacks; Correlation; Databases; IP networks; Malware; Servers; Software; Uniform resource locators;
Conference_Title :
Military Communications and Information Systems (ICMCIS), 2015 International Conference on
Conference_Location :
Cracow
Print_ISBN :
978-8-3934-8485-0
DOI :
10.1109/ICMCIS.2015.7158682