We found a match
Your institution may have access to this item. Find your institution then sign in to continue.
- Title
deMSF: a Method for Detecting Malicious Server Flocks for Same Campaign.
- Authors
Yixin Li; Liming Wang; Jing Yang; Zhen Xu; Xi Luo
- Abstract
Nowadays, cybercriminals tend to leverage dynamic malicious infrastructures with multiple servers to conduct attacks, such as malware distribution and control. Compared with a single server, employing multiple servers allows crimes to be more efficient and stealthy. As the necessary role infrastructures play, many approaches have been proposed to detect malicious servers. However, many existing methods typically target only on the individual server and therefore fail to reveal inter-server connections of an attack campaign. In this paper, we propose a complementary system, deMSF, to identify server flocks, which are formed by infrastructures involved in the same malicious campaign. Our solution first acquires server flocks by mining relations of servers from both spatial and temporal dimensions. Further we extract the semantic vectors of servers based on word2vec and build a textCNN-based flocks classifier to recognize malicious flocks. We evaluate deMSF with real-world traffic collected from an ISP network. The result shows that it has a high precision of 99% with 90% recall.
- Subjects
CYBERCRIMINALS; MALWARE; INFRASTRUCTURE (Economics); MONETIZATION; CONVOLUTIONAL neural networks
- Publication
EAI Endorsed Transactions on Security & Safety, 2020, Vol 7, Issue 26, p1
- ISSN
2032-9393
- Publication type
Article
- DOI
10.4108/eai.21-6-2021.170236