MD-MinerP: Interaction Profiling Bipartite Graph Mining for Malware-Control Domain Detection
Security and Communication Networks, Pub Date: 2020-10-29, DOI: 10.1155/2020/8841544
Tzung-Han Jeng, Yi-Ming Chen, Chien-Chih Chen, Chuan-Chiang Huang

Despite the efforts of information security experts, cybercrimes are still emerging at an alarming rate. Among the tools used by cybercriminals, malicious domains are indispensable, and the harm they cause over the Internet has become a global problem. Malicious domains play an important role in threats ranging from spam and Cross-Site Scripting (XSS) to large-scale botnet and Advanced Persistent Threat (APT) attacks. To avoid a single point of failure and to evade detection and blocking, malware authors employ domain generation algorithms (DGAs) and domain-flux techniques to generate a large number of domain names for their malicious servers. As a result, malicious servers are difficult to detect and take down. Furthermore, the clues to cybercrime are stored in network traffic logs, but analyzing long-term, large-volume network traffic data is a challenge. To keep pace with cybercrime techniques and automatically detect unknown malicious threats, we previously proposed a system called MD-Miner. To improve its efficiency and accuracy, we propose MD-MinerP here, which generates more features with identification capability in the feature extraction stage. Moreover, MD-MinerP adopts interaction profiling bipartite graphs instead of annotated bipartite graphs. The experimental results show that MD-MinerP achieves better area under the curve (AUC) results and found new malicious domains that other threat intelligence systems could not recognize. MD-MinerP exhibits both scalability and applicability, which has been experimentally validated on actual enterprise network traffic.
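As an added illustration of the host-domain bipartite graph idea the abstract describes, and not the paper's own MD-MinerP code (its interaction profiling features and mining algorithm are not reproduced here), the following Python builds the graph from constructed proxy log lines and scores domains by guilt-by-association from known-infected hosts; SAMPLE_LOG, the host names and the domain names are assumed.

```python
from collections import defaultdict

# Constructed sample proxy log lines (timestamp, client host, requested domain);
# illustrative data only, not from the paper.
SAMPLE_LOG = """\
2020-10-01T08:00:01 host-a cdn.example-update.com
2020-10-01T08:00:05 host-a beacon.rand0m-dga.net
2020-10-01T08:01:10 host-b cdn.example-update.com
2020-10-01T08:01:12 host-b news.example.org
2020-10-01T08:02:00 host-c cdn.example-update.com
2020-10-01T08:02:03 host-c news.example.org
2020-10-01T08:03:30 host-d cdn.example-update.com
2020-10-01T08:03:31 host-d beacon.rand0m-dga.net
2020-10-01T08:04:00 host-e cdn.example-update.com
2020-10-01T08:04:02 host-e news.example.org
"""

def build_bipartite_graph(log_text):
    """Build the host<->domain bipartite graph as two adjacency maps of sets."""
    host_to_domains = defaultdict(set)
    domain_to_hosts = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed log lines instead of crashing on them
        _timestamp, host, domain = parts
        host_to_domains[host].add(domain)
        domain_to_hosts[domain].add(host)
    return host_to_domains, domain_to_hosts

def score_domains(domain_to_hosts, host_to_domains, infected_hosts, rounds=2):
    """Guilt-by-association: known-infected hosts stay pinned at 1.0; every other
    node takes the mean score of its neighbours, alternating domain<-host and
    host<-domain. Averaging over degree dilutes popular, mostly-clean domains."""
    host_score = {h: 1.0 if h in infected_hosts else 0.0 for h in host_to_domains}
    domain_score = {}
    for _ in range(rounds):
        domain_score = {d: sum(host_score[h] for h in hs) / len(hs)
                        for d, hs in domain_to_hosts.items()}
        host_score = {h: 1.0 if h in infected_hosts
                      else sum(domain_score[d] for d in ds) / len(ds)
                      for h, ds in host_to_domains.items()}
    return domain_score

def suspicious_domains(log_text, infected_hosts, threshold=0.5):
    """Domains whose association score reaches the threshold, sorted by name."""
    host_to_domains, domain_to_hosts = build_bipartite_graph(log_text)
    scores = score_domains(domain_to_hosts, host_to_domains, infected_hosts)
    return sorted(d for d, s in scores.items() if s >= threshold)
```

With host-a as the only seed, the shared CDN domain is diluted by the four clean hosts that also use it, while the rarely contacted beacon domain is flagged and host-d surfaces as a candidate infection.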

Updated: 2020-10-30