Document Type
Article
Source of Publication
Digital Investigation
Publication Date
1-1-2015
Abstract
In this paper, we investigate cyber-threats and the underlying infrastructures. More precisely, we detect and analyze cyber-threat infrastructures for the purpose of unveiling key players (owners, domains, IPs, organizations, malware families, etc.) and the relationships between these players. To this end, we propose metrics to measure the badness of different infrastructure elements using graph theoretic concepts such as centrality concepts and Google PageRank. In addition, we quantify the sharing of infrastructure elements among different malware samples and families to unveil potential groups that are behind specific attacks. Moreover, we study the evolution of cyber-threat infrastructures over time to infer patterns of cyber-criminal activities. The proposed study provides the capability to derive insights and intelligence about cyber-threat infrastructures. Using one year dataset, we generate notable results regarding emerging threats and campaigns, important players behind threats, linkages between cyber-threat infrastructure elements, patterns of cyber-crimes, etc.
DOI Link
ISSN
Publisher
Elsevier Ltd
Volume
14
First Page
S3
Last Page
S15
Disciplines
Computer Sciences
Keywords
Computer crime, Graph theory, Cyber criminals, Cyber threats, Cyber-crimes, Google PageRank, Graph fingerprinting, Graph-theoretic, Malware analysis, Malware families, Malware
Scopus ID
Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.
Recommended Citation
Boukhtouta, Amine; Mouheb, Djedjiga; Debbabi, Mourad; Alfandi, Omar; Iqbal, Farkhund; and El Barachi, May, "Graph-theoretic characterization of cyber-threat infrastructures" (2015). All Works. 1807.
https://zuscholars.zu.ac.ae/works/1807
Indexed in Scopus
yes
Open Access
yes
Open Access Type
Hybrid: This publication is openly available in a subscription-based journal/series