Jukka Ruohonen, S. Šćepanović, S. Hyrynsalmi, I. Mishkovski, T. Aura, V. Leppänen
{"title":"将基于文件的恶意软件图与DNS图的经验基础事实相关联","authors":"Jukka Ruohonen, S. Šćepanović, S. Hyrynsalmi, I. Mishkovski, T. Aura, V. Leppänen","doi":"10.1145/2993412.2993414","DOIUrl":null,"url":null,"abstract":"This exploratory empirical paper investigates whether the sharing of unique malware files between domains is empirically associated with the sharing of Internet Protocol (IP) addresses and the sharing of normal, non-malware files. By utilizing a graph theoretical approach with a web crawling dataset from F-Secure, the paper finds no robust statistical associations, however. Unlike what might be expected from the still continuing popularity of shared hosting services, the sharing of IP addresses through the domain name system (DNS) seems to neither increase nor decrease the sharing of malware files. In addition to these exploratory empirical results, the paper contributes to the field of DNS mining by elaborating graph theoretical representations that are applicable for analyzing different network forensics problems.","PeriodicalId":409631,"journal":{"name":"Proccedings of the 10th European Conference on Software Architecture Workshops","volume":"2019 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-11-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":"{\"title\":\"Correlating file-based malware graphs against the empirical ground truth of DNS graphs\",\"authors\":\"Jukka Ruohonen, S. Šćepanović, S. Hyrynsalmi, I. Mishkovski, T. Aura, V. Leppänen\",\"doi\":\"10.1145/2993412.2993414\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"This exploratory empirical paper investigates whether the sharing of unique malware files between domains is empirically associated with the sharing of Internet Protocol (IP) addresses and the sharing of normal, non-malware files. By utilizing a graph theoretical approach with a web crawling dataset from F-Secure, the paper finds no robust statistical associations, however. Unlike what might be expected from the still continuing popularity of shared hosting services, the sharing of IP addresses through the domain name system (DNS) seems to neither increase nor decrease the sharing of malware files. In addition to these exploratory empirical results, the paper contributes to the field of DNS mining by elaborating graph theoretical representations that are applicable for analyzing different network forensics problems.\",\"PeriodicalId\":409631,\"journal\":{\"name\":\"Proccedings of the 10th European Conference on Software Architecture Workshops\",\"volume\":\"2019 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2016-11-28\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"3\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proccedings of the 10th European Conference on Software Architecture Workshops\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/2993412.2993414\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proccedings of the 10th European Conference on Software Architecture Workshops","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2993412.2993414","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Correlating file-based malware graphs against the empirical ground truth of DNS graphs
This exploratory empirical paper investigates whether the sharing of unique malware files between domains is empirically associated with the sharing of Internet Protocol (IP) addresses and the sharing of normal, non-malware files. By utilizing a graph theoretical approach with a web crawling dataset from F-Secure, the paper finds no robust statistical associations, however. Unlike what might be expected from the still continuing popularity of shared hosting services, the sharing of IP addresses through the domain name system (DNS) seems to neither increase nor decrease the sharing of malware files. In addition to these exploratory empirical results, the paper contributes to the field of DNS mining by elaborating graph theoretical representations that are applicable for analyzing different network forensics problems.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
