Title
MD-MinerP: Interaction Profiling Bipartite Graph Mining for Malware-Control Domain Detection
Abstract
Despite the efforts of information security experts, cybercrimes are still emerging at an alarming rate. Among the tools used by cybercriminals, malicious domains are indispensable, and the harm they cause over the Internet has become a global problem. Malicious domains play an important role in threats ranging from spam and Cross-Site Scripting (XSS) to large-scale Botnet and Advanced Persistent Threat (APT) attacks. To avoid a single point of failure and to evade detection and blocking, malware authors employ domain generation algorithms (DGAs) and domain-flux techniques to generate a large number of domain names for their malicious servers. As a result, malicious servers are difficult to detect and take down. Furthermore, the clues to cybercrime are stored in network traffic logs, but analyzing long-term, large-volume network traffic data is a challenge. To keep pace with cybercriminals' techniques and automatically detect unknown malicious threats, we previously proposed a system called MD-Miner. To improve its efficiency and accuracy, we propose MD-Miner(P) here, which generates more features with discriminative power in the feature extraction stage. Moreover, MD-Miner(P) adopts interaction profiling bipartite graphs instead of annotated bipartite graphs. The experimental results show that MD-Miner(P) achieves better area under the curve (AUC) results and found new malicious domains that were not recognized by other threat intelligence systems. MD-Miner(P) exhibits both scalability and applicability, which has been experimentally validated on actual enterprise network traffic.
Year
2020
DOI
10.1155/2020/8841544
Venue
SECURITY AND COMMUNICATION NETWORKS
DocType
Journal
Volume
2020.0
ISSN
1939-0114
Citations
0
PageRank
0.34
References
0
Authors
4
Name | Order | Citations | PageRank
Tzung-Han Jeng | 1 | 2 | 1.74
Yi-Ming Chen | 2 | 77 | 10.35
Chien-Chih Chen | 3 | 111 | 20.42
Chuan-Chiang Huang | 4 | 0 | 1.35