Journal Title
Title of Journal: Int J Inf Secur
Abbreviation: International Journal of Information Security
Publisher: Springer Berlin Heidelberg
Authors: Khamphao Sisaat, Surin Kittitornkun, Hiroaki Kikuchi, Chaxiong Yukonhiatou, Masato Terada, Hiroshi Ishii
Publish Date: 2016/07/12
Volume: 16, Issue: 5, Pages: 459-473
Abstract
A huge number of botnet malware variants can be downloaded by zombie personal computers as secondary injections and upgrades according to their botmasters to perform different distributed/coordinated cyber attacks such as phishing, spam email, malicious Web sites, ransomware, DDoS. In order to generate a faster response to new threats and better understanding of botnet activities, grouping them based on their malicious behaviors has become extremely important. This paper presents a Spatio-Temporal malware clustering algorithm based on its weekly-hourly-country features. The dataset contains more than 32 million of malware download logs from 100 honeypots set up by Malware Investigation Task Force (MITF) of Internet Initiative Japan Inc. (IIJ) from 2011 to 2012. The Top-20 malware clustering results coincidentally correspond to Conficker.B and Conficker.C with relatively high precision and recall rates up to 100.0, 88.9% and 91.7, 100.0%, respectively. On the other hand, the resulting two clusters of Top-20 countries are comparable to those with high and low growth rates recently reported in 2015 by Asghari et al. Therefore, our approach can be validated and evaluated to yield precision and recall of up to 75.0 and 86.7%, respectively.