Source of Publication
In this paper, we investigate cyber-threats and the underlying infrastructures. More precisely, we detect and analyze cyber-threat infrastructures for the purpose of unveiling key players (owners, domains, IPs, organizations, malware families, etc.) and the relationships between these players. To this end, we propose metrics to measure the badness of different infrastructure elements using graph theoretic concepts such as centrality concepts and Google PageRank. In addition, we quantify the sharing of infrastructure elements among different malware samples and families to unveil potential groups that are behind specific attacks. Moreover, we study the evolution of cyber-threat infrastructures over time to infer patterns of cyber-criminal activities. The proposed study provides the capability to derive insights and intelligence about cyber-threat infrastructures. Using one year dataset, we generate notable results regarding emerging threats and campaigns, important players behind threats, linkages between cyber-threat infrastructure elements, patterns of cyber-crimes, etc.
Computer crime; Graph theory; Cyber criminals; Cyber threats; Cyber-crimes; Google PageRank; Graph fingerprinting; Graph-theoretic; Malware analysis; Malware families; Malware
Creative Commons License
This work is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 4.0 License.
Boukhtouta, Amine; Mouheb, Djedjiga; Debbabi, Mourad; Alfandi, Omar; Iqbal, Farkhund; and El Barachi, May, "Graph-theoretic characterization of cyber-threat infrastructures" (2015). All Works. 1807.
Indexed in Scopus
Open Access Type
Hybrid: This publication is openly available in a subscription-based journal/series