Abstract

Malware distribution networks are large networks involved in malware distribution. In daily life we rarely appreciate how serious these networks are. Work analyzing them exists, but it remains limited because many researchers have focused on detection rather than on investigating the internal structure of malware distribution networks. Against this background, recent work has tried to analyze malware distribution networks using social network analysis based on graph theory. These studies analyzed the networks using nodes involved in malware distribution, such as malicious URLs, FQDNs, malware and IPs, that were generated during drive-by downloads or appeared in outbound contacts. However, this approach still falls short in understanding malware distribution networks. In this study, we found that degree (or closeness, betweenness, or eigenvector) centrality measures are beneficial in finding central nodes engaged in malware distribution. This centrality information is highly valuable in understanding the properties of malicious network infrastructure. For instance, from degree centrality measures, we found that malware distribution networks show high in-degree, while benign networks show high out-degree. This result offers artifacts that distinguish malicious networks from benign networks. Overall, this study provides fundamental information that helps distinguish heterogeneous networks and is useful in future research.
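The in-degree versus out-degree contrast described in the abstract can be seen on a small directed graph. The following is an added example, not code or data from the paper: the hostnames and edges are constructed, and normalising degree by n - 1 is the common convention, assumed here rather than taken from the page.

```python
from collections import defaultdict

# Constructed sample graphs (an edge means "redirects or links to").
MDN_EDGES = [
    ("lp1.example", "redirector.example"), ("lp2.example", "redirector.example"),
    ("lp3.example", "redirector.example"), ("lp4.example", "redirector.example"),
    ("redirector.example", "exploit.example"), ("lp5.example", "exploit.example"),
    ("exploit.example", "payload.example"),
]
BENIGN_EDGES = [
    ("portal.example", "news.example"), ("portal.example", "mail.example"),
    ("portal.example", "shop.example"), ("portal.example", "maps.example"),
    ("portal.example", "docs.example"), ("news.example", "shop.example"),
]

def degree_centrality(edges):
    """Return {node: (in_centrality, out_centrality)} for a directed edge list.

    Degrees count distinct neighbours and are normalised by n - 1.
    """
    preds, succs, nodes = defaultdict(set), defaultdict(set), set()
    for src, dst in edges:
        nodes.update((src, dst))
        if src != dst:                       # ignore self-redirects
            succs[src].add(dst)
            preds[dst].add(src)
    scale = max(len(nodes) - 1, 1)
    return {n: (len(preds[n]) / scale, len(succs[n]) / scale) for n in nodes}

def profile(edges):
    """Summarise a graph by its most central node for in- and out-degree."""
    cent = degree_centrality(edges)
    top_in = max(cent, key=lambda n: (cent[n][0], n))    # ties broken by name
    top_out = max(cent, key=lambda n: (cent[n][1], n))
    return {
        "top_in": top_in, "max_in": cent[top_in][0],
        "top_out": top_out, "max_out": cent[top_out][1],
        # Which direction carries the highest centrality in this graph.
        "dominant": "in" if cent[top_in][0] > cent[top_out][1] else "out",
    }

if __name__ == "__main__":
    for name, edges in (("malicious", MDN_EDGES), ("benign", BENIGN_EDGES)):
        print(name, profile(edges))
```

In the constructed malicious graph the redirector that many landing pages funnel into is the top in-degree node, while in the benign graph the portal that links outward dominates by out-degree.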

Highlights

  • Tracking malware distributors on the Internet is a difficult task

  • Many prior studies have focused on the detection of malicious URLs themselves or of the exploit kits that are linked to the malicious URLs

  • Analysis of the network differences between benign and malicious networks has been very limited because many studies concentrated on malware detection rather than on understanding harmless networks


Summary

Introduction

Tracking malware distributors on the Internet is a difficult task. To tackle malware delivery, it is critical to find the distributors that orchestrate malware diffusion, for which we need to understand the characteristics of a malware distribution network (MDN). The MDN is directly associated with cyberextortion such as voice phishing, pharming, ransomware, and the recent bitcoin thefts. The size of MDNs has expanded significantly due to the increase in the cybercrime above, which was driven by attackers’ monetary profit. In this attack, attackers utilize the different roles of malicious URLs to distribute malware. Attackers use redirection links and forward users automatically to target sites so that the user does not know the path that brought them to those sites. They use redirects with code that exploits the user’s PC, and redirects that download malware after successful attacks. In this malicious network construction, attackers leave footprints that reveal malicious
