Visualizing a Malware Distribution Network

Sebastian Peryt; Jose Andre Morales; William Casey; Aaron Volkmann; Bud Mishra; Yang Cai

doi:10.1109/VIZSEC.2016.7739585

Visualizing a Malware Distribution Network

Sebastian Peryt, Jose Andre Morales, William Casey, Aaron Volkmann, Bud Mishra, Yang Cai

Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

In this paper, we present a case study of visual analytics of a Malware Distribution Network (MDN), a connected set of maliciously compromised domains used to disseminate malicious software to victimize computers and users. We formally define the graph of an MDN to visualize top-level-domain (TLD) data collected from Google Safe Browsing reports in a temporal manner characterizing the topological structure. From the collected data, we were able to identify and label a TLD's role in malware distribution. The visual analytics provided insights on the topological structure of MDNs over time including highly connected and persistent TLDs and subnetworks.

Original language	English (US)
Title of host publication	2016 IEEE Symposium on Visualization for Cyber Security, VizSec 2016
Editors	Diane Staheli, Lane Harrison, Nicolas Prigent, Daniel M. Best, Sophie Engle
Publisher	Institute of Electrical and Electronics Engineers Inc.
ISBN (Electronic)	9781509016051
DOIs	https://doi.org/10.1109/VIZSEC.2016.7739585
State	Published - Nov 8 2016
Event	2016 IEEE Symposium on Visualization for Cyber Security, VizSec 2016 - Baltimore, United States Duration: Oct 24 2016 → …

Publication series

Name	2016 IEEE Symposium on Visualization for Cyber Security, VizSec 2016

Other

Other	2016 IEEE Symposium on Visualization for Cyber Security, VizSec 2016
Country/Territory	United States
City	Baltimore
Period	10/24/16 → …

Keywords

Google Safe Browsing
behavioral graph
malware
malware distribution network
top-level domain
visualization

ASJC Scopus subject areas

Computer Networks and Communications
Media Technology
Modeling and Simulation

Access to Document

10.1109/VIZSEC.2016.7739585

Cite this

Peryt, S., Andre Morales, J., Casey, W., Volkmann, A., Mishra, B., & Cai, Y. (2016). Visualizing a Malware Distribution Network. In D. Staheli, L. Harrison, N. Prigent, D. M. Best, & S. Engle (Eds.), 2016 IEEE Symposium on Visualization for Cyber Security, VizSec 2016 Article 7739585 (2016 IEEE Symposium on Visualization for Cyber Security, VizSec 2016). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/VIZSEC.2016.7739585

Visualizing a Malware Distribution Network. / Peryt, Sebastian; Andre Morales, Jose; Casey, William et al.
2016 IEEE Symposium on Visualization for Cyber Security, VizSec 2016. ed. / Diane Staheli; Lane Harrison; Nicolas Prigent; Daniel M. Best; Sophie Engle. Institute of Electrical and Electronics Engineers Inc., 2016. 7739585 (2016 IEEE Symposium on Visualization for Cyber Security, VizSec 2016).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Peryt, S, Andre Morales, J, Casey, W, Volkmann, A, Mishra, B & Cai, Y 2016, Visualizing a Malware Distribution Network. in D Staheli, L Harrison, N Prigent, DM Best & S Engle (eds), 2016 IEEE Symposium on Visualization for Cyber Security, VizSec 2016., 7739585, 2016 IEEE Symposium on Visualization for Cyber Security, VizSec 2016, Institute of Electrical and Electronics Engineers Inc., 2016 IEEE Symposium on Visualization for Cyber Security, VizSec 2016, Baltimore, United States, 10/24/16. https://doi.org/10.1109/VIZSEC.2016.7739585

Peryt S, Andre Morales J, Casey W, Volkmann A, Mishra B, Cai Y. Visualizing a Malware Distribution Network. In Staheli D, Harrison L, Prigent N, Best DM, Engle S, editors, 2016 IEEE Symposium on Visualization for Cyber Security, VizSec 2016. Institute of Electrical and Electronics Engineers Inc. 2016. 7739585. (2016 IEEE Symposium on Visualization for Cyber Security, VizSec 2016). doi: 10.1109/VIZSEC.2016.7739585

Peryt, Sebastian ; Andre Morales, Jose ; Casey, William et al. / Visualizing a Malware Distribution Network. 2016 IEEE Symposium on Visualization for Cyber Security, VizSec 2016. editor / Diane Staheli ; Lane Harrison ; Nicolas Prigent ; Daniel M. Best ; Sophie Engle. Institute of Electrical and Electronics Engineers Inc., 2016. (2016 IEEE Symposium on Visualization for Cyber Security, VizSec 2016).

@inproceedings{e9ba5095913845dabf11c367e5fcedda,

title = "Visualizing a Malware Distribution Network",

abstract = "In this paper, we present a case study of visual analytics of a Malware Distribution Network (MDN), a connected set of maliciously compromised domains used to disseminate malicious software to victimize computers and users. We formally define the graph of an MDN to visualize top-level-domain (TLD) data collected from Google Safe Browsing reports in a temporal manner characterizing the topological structure. From the collected data, we were able to identify and label a TLD's role in malware distribution. The visual analytics provided insights on the topological structure of MDNs over time including highly connected and persistent TLDs and subnetworks.",

keywords = "Google Safe Browsing, behavioral graph, malware, malware distribution network, top-level domain, visualization",

author = "Sebastian Peryt and {Andre Morales}, Jose and William Casey and Aaron Volkmann and Bud Mishra and Yang Cai",

note = "Publisher Copyright: {\textcopyright} 2016 IEEE.; 2016 IEEE Symposium on Visualization for Cyber Security, VizSec 2016 ; Conference date: 24-10-2016",

year = "2016",

month = nov,

day = "8",

doi = "10.1109/VIZSEC.2016.7739585",

language = "English (US)",

series = "2016 IEEE Symposium on Visualization for Cyber Security, VizSec 2016",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

editor = "Diane Staheli and Lane Harrison and Nicolas Prigent and Best, {Daniel M.} and Sophie Engle",

booktitle = "2016 IEEE Symposium on Visualization for Cyber Security, VizSec 2016",

}

TY - GEN

T1 - Visualizing a Malware Distribution Network

AU - Peryt, Sebastian

AU - Andre Morales, Jose

AU - Casey, William

AU - Volkmann, Aaron

AU - Mishra, Bud

AU - Cai, Yang

PY - 2016/11/8

Y1 - 2016/11/8

N2 - In this paper, we present a case study of visual analytics of a Malware Distribution Network (MDN), a connected set of maliciously compromised domains used to disseminate malicious software to victimize computers and users. We formally define the graph of an MDN to visualize top-level-domain (TLD) data collected from Google Safe Browsing reports in a temporal manner characterizing the topological structure. From the collected data, we were able to identify and label a TLD's role in malware distribution. The visual analytics provided insights on the topological structure of MDNs over time including highly connected and persistent TLDs and subnetworks.

AB - In this paper, we present a case study of visual analytics of a Malware Distribution Network (MDN), a connected set of maliciously compromised domains used to disseminate malicious software to victimize computers and users. We formally define the graph of an MDN to visualize top-level-domain (TLD) data collected from Google Safe Browsing reports in a temporal manner characterizing the topological structure. From the collected data, we were able to identify and label a TLD's role in malware distribution. The visual analytics provided insights on the topological structure of MDNs over time including highly connected and persistent TLDs and subnetworks.

KW - Google Safe Browsing

KW - behavioral graph

KW - malware

KW - malware distribution network

KW - top-level domain

KW - visualization

UR - http://www.scopus.com/inward/record.url?scp=85006852847&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85006852847&partnerID=8YFLogxK

U2 - 10.1109/VIZSEC.2016.7739585

DO - 10.1109/VIZSEC.2016.7739585

M3 - Conference contribution

AN - SCOPUS:85006852847

T3 - 2016 IEEE Symposium on Visualization for Cyber Security, VizSec 2016

BT - 2016 IEEE Symposium on Visualization for Cyber Security, VizSec 2016

A2 - Staheli, Diane

A2 - Harrison, Lane

A2 - Prigent, Nicolas

A2 - Best, Daniel M.

A2 - Engle, Sophie

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 2016 IEEE Symposium on Visualization for Cyber Security, VizSec 2016

Y2 - 24 October 2016

ER -

Visualizing a Malware Distribution Network

Abstract

Publication series

Other

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this