Using Behavioral Similarity for Botnet Command-and-Control Discovery

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F68407700%3A21230%2F16%3A00307391" target="_blank" >RIV/68407700:21230/16:00307391 - isvavai.cz</a>

Výsledek na webu

<a href="http://ieeexplore.ieee.org/abstract/document/7579414/" target="_blank" >http://ieeexplore.ieee.org/abstract/document/7579414/</a>

DOI - Digital Object Identifier

<a href="http://dx.doi.org/10.1109/MIS.2016.88" target="_blank" >10.1109/MIS.2016.88</a>

Jazyk výsledku

angličtina

Název v původním jazyce

Using Behavioral Similarity for Botnet Command-and-Control Discovery

Popis výsledku v původním jazyce

Malware authors and operators typically collaborate to achieve the optimal profit. They also frequently change their behavior and resources to avoid detection. The authors propose a social similarity metrics that exploits these relationships to improve the effectiveness and stability of the threat propagation algorithm typically used to discover malicious collaboration. Furthermore, they propose behavioral modeling as a way to group similarly behaving servers, enabling extension of the ground truth that's so expensive to obtain in the field of network security. The authors also show that seeding the threat propagation algorithm from a set of coherently behaving servers (instead of from a single known malicious server identified by threat intelligence) makes the algorithm far more effective and significantly more robust, without compromising the precision of findings.

Název v anglickém jazyce

Using Behavioral Similarity for Botnet Command-and-Control Discovery

Popis výsledku anglicky

Malware authors and operators typically collaborate to achieve the optimal profit. They also frequently change their behavior and resources to avoid detection. The authors propose a social similarity metrics that exploits these relationships to improve the effectiveness and stability of the threat propagation algorithm typically used to discover malicious collaboration. Furthermore, they propose behavioral modeling as a way to group similarly behaving servers, enabling extension of the ground truth that's so expensive to obtain in the field of network security. The authors also show that seeding the threat propagation algorithm from a set of coherently behaving servers (instead of from a single known malicious server identified by threat intelligence) makes the algorithm far more effective and significantly more robust, without compromising the precision of findings.

Druh

J_x - Nezařazeno - Článek v odborném periodiku (Jimp, Jsc a Jost)

CEP obor

JC - Počítačový hardware a software

OECD FORD obor

—

Projekt

—

Návaznosti

I - Institucionalni podpora na dlouhodoby koncepcni rozvoj vyzkumne organizace

Rok uplatnění

2016

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název periodika

IEEE Intelligent Systems

ISSN

1541-1672

e-ISSN

—

Svazek periodika

31

Číslo periodika v rámci svazku

5

Stát vydavatele periodika

US - Spojené státy americké

Počet stran výsledku

7

Strana od-do

16-22

Kód UT WoS článku

000385623600003

EID výsledku v databázi Scopus

2-s2.0-84992751038