The diversity, sophistication and availability of malicious software (malcode/malware) pose enormous challenges for securing networks and end hosts from attacks. In this paper, we analyze a large corpus of malcode metadata compiled over a period of 19 years. Our aim is to understand how malcode has evolved over the years and, in particular, how different instances of malcode relate to one another. We develop a novel graph pruning technique that establishes inheritance relationships between different instances of malcode based on temporal information and key common phrases identified in the malcode descriptions. Our algorithm enables a range of possible inheritance structures. We study the resulting "likely" malcode families, which we identify through extensive manual investigation. We present an evaluation of the gross characteristics of malcode evolution and also drill down on the details of the most interesting and potentially dangerous malcode families.