Visualizing a Malware Distribution Network

Sebastian Peryt, Jose Andre Morales, William Casey, Aaron Volkmann, Bhubaneswar Mishra, Yang Cai

Research output: Chapter in Book/Report/Conference proceeding - Conference contribution

Abstract

In this paper, we present a case study of visual analytics of a Malware Distribution Network (MDN), a connected set of maliciously compromised domains used to disseminate malicious software to victimize computers and users. We formally define the graph of an MDN to visualize top-level-domain (TLD) data collected from Google Safe Browsing reports in a temporal manner characterizing the topological structure. From the collected data, we were able to identify and label a TLD's role in malware distribution. The visual analytics provided insights on the topological structure of MDNs over time including highly connected and persistent TLDs and subnetworks.

Original language: English (US)
Title of host publication: 2016 IEEE Symposium on Visualization for Cyber Security, VizSec 2016
Publisher: Institute of Electrical and Electronics Engineers Inc.
ISBN (Electronic): 9781509016051
DOI: https://doi.org/10.1109/VIZSEC.2016.7739585
State: Published - Nov 8 2016
Event: 2016 IEEE Symposium on Visualization for Cyber Security, VizSec 2016 - Baltimore, United States
Duration: Oct 24 2016 → …

Other

Other: 2016 IEEE Symposium on Visualization for Cyber Security, VizSec 2016
Country: United States
City: Baltimore
Period: 10/24/16 → …

Fingerprint

Malware
Distribution Network
Electric power distribution
Visual Analytics
Topological Structure
Connected Set
Browsing
Labels
Software
Graph in graph theory

Keywords

  • behavioral graph
  • Google Safe Browsing
  • malware
  • malware distribution network
  • top-level domain
  • visualization

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Media Technology
  • Modeling and Simulation

Cite this

Peryt, S., Andre Morales, J., Casey, W., Volkmann, A., Mishra, B., & Cai, Y. (2016). Visualizing a Malware Distribution Network. In 2016 IEEE Symposium on Visualization for Cyber Security, VizSec 2016 [7739585] Institute of Electrical and Electronics Engineers Inc. https://doi.org/10.1109/VIZSEC.2016.7739585

@inproceedings{e9ba5095913845dabf11c367e5fcedda,
title = "Visualizing a Malware Distribution Network",
abstract = "In this paper, we present a case study of visual analytics of a Malware Distribution Network (MDN), a connected set of maliciously compromised domains used to disseminate malicious software to victimize computers and users. We formally define the graph of an MDN to visualize top-level-domain (TLD) data collected from Google Safe Browsing reports in a temporal manner characterizing the topological structure. From the collected data, we were able to identify and label a TLD's role in malware distribution. The visual analytics provided insights on the topological structure of MDNs over time including highly connected and persistent TLDs and subnetworks.",
keywords = "behavioral graph, Google Safe Browsing, malware, malware distribution network, top-level domain, visualization",
author = "Sebastian Peryt and {Andre Morales}, Jose and William Casey and Aaron Volkmann and Bhubaneswar Mishra and Yang Cai",
year = "2016",
month = "11",
day = "8",
doi = "10.1109/VIZSEC.2016.7739585",
language = "English (US)",
booktitle = "2016 IEEE Symposium on Visualization for Cyber Security, VizSec 2016",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
address = "United States",

}

TY - GEN
T1 - Visualizing a Malware Distribution Network
AU - Peryt, Sebastian
AU - Andre Morales, Jose
AU - Casey, William
AU - Volkmann, Aaron
AU - Mishra, Bhubaneswar
AU - Cai, Yang
PY - 2016/11/8
Y1 - 2016/11/8
AB - In this paper, we present a case study of visual analytics of a Malware Distribution Network (MDN), a connected set of maliciously compromised domains used to disseminate malicious software to victimize computers and users. We formally define the graph of an MDN to visualize top-level-domain (TLD) data collected from Google Safe Browsing reports in a temporal manner characterizing the topological structure. From the collected data, we were able to identify and label a TLD's role in malware distribution. The visual analytics provided insights on the topological structure of MDNs over time including highly connected and persistent TLDs and subnetworks.
KW - behavioral graph
KW - Google Safe Browsing
KW - malware
KW - malware distribution network
KW - top-level domain
KW - visualization
UR - http://www.scopus.com/inward/record.url?scp=85006852847&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85006852847&partnerID=8YFLogxK
U2 - 10.1109/VIZSEC.2016.7739585
DO - 10.1109/VIZSEC.2016.7739585
M3 - Conference contribution
BT - 2016 IEEE Symposium on Visualization for Cyber Security, VizSec 2016
PB - Institute of Electrical and Electronics Engineers Inc.
ER -