@inproceedings{3c6a4670ca114af8acd641b37b568024,
title = "CC-Tracker: Interaction Profiling Bipartite Graph Mining for Malicious Network Activity Detection",
abstract = "Malicious domain names are useful for cybercrime, but can be easily blocked by blacklists. To avoid a single point of failure, cybercriminals use domain generation algorithms to generate a large number of malicious domains. Once the victim's machine is infected with malware, the malware tends to connect to malicious domain names to commit cybercrimes, such as waiting for remote control commands or sending malware feedback. Therefore, how to detect these malicious connections has been a hot research topic in information security. In this paper, a new HTTP-based method for tracking malicious domains and victim machines, implemented as a scalable system named CC-Tracker (Cyber Criminal Tracker), is presented. CC-Tracker extracts 12 features from HTTP traffic using Interaction Profiling Bipartite Graph mining built on the MapReduce framework. Experimental results show that CC-Tracker can reach 99% AUC in the evaluation benchmark. In addition, in the deployment environment CC-Tracker found new malicious domains in network traffic and uncovered victim machines hidden in the enterprise; these malicious domains are threats that other online reputation systems cannot identify. The scalability and applicability of CC-Tracker are demonstrated by experiments in a real-world environment.",
keywords = "Botnet, Hadoop, MapReduce, Spark",
author = "Jeng, {Tzung Han} and Chen, {Yi Ming} and Chen, {Chien Chih} and Huang, {Chuan Chiang} and Chou, {Kuo Sen}",
note = "Publisher Copyright: {\textcopyright} 2018 IEEE.; 2018 IEEE Conference on Dependable and Secure Computing, DSC 2018 ; Conference date: 10-12-2018 Through 13-12-2018",
year = "2019",
month = jan,
day = "23",
doi = "10.1109/DESEC.2018.8625170",
language = "en_GB",
series = "DSC 2018 - 2018 IEEE Conference on Dependable and Secure Computing",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
booktitle = "DSC 2018 - 2018 IEEE Conference on Dependable and Secure Computing",
}