CC-Tracker: Interaction Profiling Bipartite Graph Mining for Malicious Network Activity Detection

Tzung Han Jeng, Yi Ming Chen, Chien Chih Chen, Chuan Chiang Huang, Kuo Sen Chou

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

3 Citations (Scopus)

Abstract

Malicious domain names are useful for cybercrime, but can be easily blocked by blacklists. To avoid a single point of failure, cybercriminals use domain generation algorithms to generate a large number of malicious domains. Once a victim's machine is infected with malware, the malware tends to connect to malicious domain names to commit cybercrimes, such as waiting for remote control commands or sending malware feedback. Therefore, how to detect these malicious connections has been a hot research topic in information security. This paper presents a new method, based on HTTP, of tracking malicious domains and victim machines with a scalable system named CC-Tracker (Cyber Criminal Tracker). CC-Tracker extracts 12 features from HTTP traffic using Interaction Profiling Bipartite Graph mining based on the MapReduce framework. Experimental results show that CC-Tracker can reach 99% AUC in the evaluation benchmark. In addition, in the deployment environment CC-Tracker found new malicious domains in network traffic and uncovered victim machines hidden in the enterprise; these malicious domains are threats that other online reputation systems cannot identify. The scalability and applicability of CC-Tracker are demonstrated by experiments in a real-world environment.

Original language: English
Title of host publication: DSC 2018 - 2018 IEEE Conference on Dependable and Secure Computing
Publisher: Institute of Electrical and Electronics Engineers Inc.
ISBN (Electronic): 9781538657904
Publication status: Published - 23 Jan 2019
Event: 2018 IEEE Conference on Dependable and Secure Computing, DSC 2018 - Kaohsiung, Taiwan
Duration: 10 Dec 2018 to 13 Dec 2018

Publication series

Name: DSC 2018 - 2018 IEEE Conference on Dependable and Secure Computing

Conference

Conference: 2018 IEEE Conference on Dependable and Secure Computing, DSC 2018
Country/Territory: Taiwan
City: Kaohsiung
Period: 10/12/18 to 13/12/18
