With the popularization of Internet the spread of malwares or viruses become easier in recent years Web-based malware overcomes signature-based detec- tion by modifying the behavior or using zero-day attack It results in critical challenges for anti-virus companies to defend with those attackers None of any anti-virus companies have the confident to say they could detect all of viruses consequently there are many online virus scan tools providing the capability for users searching the suspect files url or ip in case of anti-virus software didn’t catch it When people use these online tools they will leave query logs behind and those query logs are valuable especially if they come from domain experts It provides information not only containing security domain experts’ suspicion but also having the time property for us to analyze what attack events could be formed From the observation in network security company those query logs are highly different because the same malware could have the diverse behavior in different environments But those query logs may have some relationships between each others especially if they come within the same time interval As such we can find those relationships and identify some factors of rising attacks Based on this idea we model a malware behavior graph and develop a proto- ?v type framework to find the relationship have Temporal Concentrative Property (TCP) between query logs and targets (CVEs or malware family etc) and then further identify the Suspect Rising Attack Factor (SRAF) In our experimental results it shows that we can find the k-approximation targets that give us a verification of the original idea
| Date of Award | 2014 Aug 25 |
|---|
| Original language | English |
|---|
| Supervisor | Kun-Ta Chuang (Supervisor) |
|---|
Graph Mining on MALWARE Activities for Online THREAT Identification
首翰, 黃. (Author). 2014 Aug 25
Student thesis: Master's Thesis