Document Type

Article

Source of Publication

Digital Investigation

Publication Date

1-1-2015

Abstract

In this paper, we investigate cyber-threats and the underlying infrastructures. More precisely, we detect and analyze cyber-threat infrastructures for the purpose of unveiling key players (owners, domains, IPs, organizations, malware families, etc.) and the relationships between these players. To this end, we propose metrics to measure the badness of different infrastructure elements using graph theoretic concepts such as centrality concepts and Google PageRank. In addition, we quantify the sharing of infrastructure elements among different malware samples and families to unveil potential groups that are behind specific attacks. Moreover, we study the evolution of cyber-threat infrastructures over time to infer patterns of cyber-criminal activities. The proposed study provides the capability to derive insights and intelligence about cyber-threat infrastructures. Using one year dataset, we generate notable results regarding emerging threats and campaigns, important players behind threats, linkages between cyber-threat infrastructure elements, patterns of cyber-crimes, etc.

ISSN

1742-2876

Publisher

Elsevier Ltd

Volume

14

First Page

S3

Last Page

S15

Disciplines

Computer Sciences

Keywords

Computer crime; Graph theory; Cyber criminals; Cyber threats; Cyber-crimes; Google PageRank; Graph fingerprinting; Graph-theoretic; Malware analysis; Malware families; Malware

Scopus ID

84938975911

Indexed in Scopus

yes

Open Access

yes

Open Access Type

Hybrid: This publication is openly available in a subscription-based journal/series

Share

COinS