CC-Tracker: Interaction Profiling Bipartite Graph Mining for Malicious Network Activity Detection

Tzung Han Jeng, Yi Ming Chen, Chien Chih Chen, Chuan Chiang Huang, Kuo Sen Chou

Research output: Chapter in Book/Report/Conference proceeding, Conference contribution, peer-review

3 Scopus citations

Abstract

Malicious domain names are useful for cybercrime, but can be easily blocked by blacklists. To avoid a single point of failure, cybercriminals use domain generation algorithms to generate a large number of malicious domains. Once a victim's machine is infected with malware, the malware tends to connect to malicious domain names to commit cybercrimes, such as waiting for remote control commands or sending malware feedback. Detecting these malicious connections has therefore been an active research topic in information security. In this paper, we present a new method for tracking malicious domains and victim machines with a scalable, HTTP-based system named CC-Tracker (Cyber Criminal Tracker). CC-Tracker extracts 12 features from HTTP traffic using Interaction Profiling Bipartite Graph mining built on the MapReduce framework. Experimental results show that CC-Tracker can reach 99% AUC on the evaluation benchmark. In addition, in the deployment environment CC-Tracker found new malicious domains in network traffic and uncovered victim machines hidden in the enterprise; these malicious domains are threats that other online reputation systems cannot identify. The scalability and applicability of CC-Tracker are demonstrated by experiments in a real-world environment.

Original language: English
Title of host publication: DSC 2018 - 2018 IEEE Conference on Dependable and Secure Computing
Publisher: Institute of Electrical and Electronics Engineers Inc.
ISBN (Electronic): 9781538657904
State: Published - 23 Jan 2019
Event: 2018 IEEE Conference on Dependable and Secure Computing, DSC 2018 - Kaohsiung, Taiwan
Duration: 10 Dec 2018 to 13 Dec 2018

Publication series

Name: DSC 2018 - 2018 IEEE Conference on Dependable and Secure Computing

Conference

Conference: 2018 IEEE Conference on Dependable and Secure Computing, DSC 2018
Country/Territory: Taiwan
City: Kaohsiung
Period: 10/12/18 to 13/12/18

Keywords

  • Botnet
  • Hadoop
  • MapReduce
  • Spark
