SHARKFIN: Spatio-temporal Mining of Software Adoption & Penetration

Authors

  • Evangelos E. Papalexakis
  • Tudor Dumitras
  • Duen Horng Chau
  • Aditya Prakash
  • Christos Faloutsos
Abstract

How does malware propagate? Does it form spikes over time? Does it resemble the propagation pattern of benign files, such as software patches? Does it spread uniformly over countries? How long does it take for a URL that distributes malware to be detected and shut down? In this work, we answer these questions by analyzing patterns from 22 million malicious (and benign) files, found on 1.6 million hosts worldwide during the month of June 2011. We conduct this study using the WINE database available at Symantec Research Labs. Additionally, we explore the research questions raised by sampling on such large databases of executables; the importance of studying the implications of sampling is twofold: First, sampling is a means of reducing the size of the database hence making it more accessible to researchers; second, because every such data collection can be perceived as a sample of the real world. We discover the SHARKFIN temporal propagation pattern of executable files, the GEOSPLIT pattern in the geographical spread of machines that report executables to Symantec’s servers, the Periodic Power Law (PPL) distribution of the life-time of URLs, and we show how to efficiently extrapolate crucial properties of the data from a small sample. We further investigate the propagation pattern of benign and malicious executables, unveiling latent structures in the way these files spread. To the best of our knowledge, our work represents the largest study of propagation patterns of executables.

Author affiliations

  • E. E. Papalexakis & C. Faloutsos: Carnegie Mellon University, School of Computer Science. E-mail: {epapalex,christos}@cs.cmu.edu
  • T. Dumitras: University of Maryland, Dept. of ECE
  • D. H. Chau: Georgia Tech, School of Computational Science & Engineering
  • B. A. Prakash: Virginia Tech, Computer Science Department


Similar resources

Spatio-Temporal Variation of Suspended Sediment Concentration at Downstream of a Sand Mine

The growing population led to greater human need to use natural resources such as sand and gravel mines. Direct removal of sands from the bed river leads to increase suspended sediment concentrations in downstream of harvested area and creates other problems viz. filling reservoirs, change in hydraulic characteristics of the channel and environmental damages. However, the range of temporal and ...


Assessment of Neonate's Congenital Hypothyroidism Pattern Using Poisson Spatio-temporal Model in Disease Mapping under the Bayesian Paradigm during 2011-18 in Guilan, Iran

Background: Congenital Hypothyroidism (CH) is one of the reasons for mental retardation and defective growth in neonates. It can be treated if it is diagnosed early. The congenital hypothyroidism can be diagnosed using newborn screening in the first days after birth. Disease mapping helps to identify high-risk areas of the disease. This study aimed to evaluate the pattern of CH using the Poisso...


Context-aware Modeling for Spatio-temporal Data Transmitted from a Wireless Body Sensor Network

Context-aware systems must be interoperable and work across different platforms at any time and in any place. Context data collected from wireless body area networks (WBAN) may be heterogeneous and imperfect, which makes their design and implementation difficult. In this research, we introduce a model which takes the dynamic nature of a context-aware system into consideration. This model is con...


Mining Association Rules in Spatio-Temporal Data: An Analysis of Urban Socioeconomic and Land Cover Change

This research demonstrates the application of association rule mining to spatio-temporal data. Association rule mining seeks to discover associations among transactions encoded in a database. An association rule takes the form A → B where A (the antecedent) and B (the consequent) are sets of predicates. A spatio-temporal association rule occurs when there is a spatio-temporal relationship in th...



Publication date: 2015