Abstract

Malicious domain names are useful to cybercriminals but are easily blocked by blacklists. To avoid this single point of failure, cybercriminals use domain generation algorithms (DGAs) to produce large numbers of malicious domains. Once a victim's machine is infected, the malware connects to these domains to carry out its work, for example waiting for remote-control commands or reporting back to its operator. Detecting these malicious connections has therefore become a hot research topic in information security. This paper presents CC-Tracker (Cyber Criminal Tracker), a scalable system for tracking malicious domains and victim machines from HTTP traffic. CC-Tracker extracts 12 features from HTTP traffic by mining an Interaction Profiling Bipartite Graph on the MapReduce framework. Experimental results show that CC-Tracker reaches 99% AUC on the evaluation benchmark. In addition, in the deployment environment it discovered new malicious domains in the network traffic and uncovered hidden victim machines inside the enterprise; these malicious domains are a threat that other online reputation systems cannot identify. The scalability and applicability of CC-Tracker are demonstrated by experiments in a real-world environment.
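The following is an added illustration of the client-domain bipartite mining the abstract describes, written for this page and not CC-Tracker's own code. It builds the client-to-domain graph from a few constructed HTTP proxy log lines with a map/reduce-style pass, then alternates between the two sides of the graph: clients that contacted a blocklisted domain are treated as victims, and domains contacted almost exclusively by victims become new candidate domains. The paper's 12 features are not listed on the page, so the handful computed here (fan-in, request count, POST ratio, error ratio, victim ratio), the log format, the thresholds and all hostnames are assumptions.

```python
"""Client<->domain bipartite mining over HTTP proxy logs (added example).

Not CC-Tracker's implementation. Log format, features, thresholds and
hostnames are assumptions made for this illustration.
"""
from collections import defaultdict

# Constructed sample proxy log lines: timestamp client_ip host method path status
SAMPLE_LOG = """\
2024-01-01T10:00:01 10.0.0.5 update.example.com GET /check 200
2024-01-01T10:00:02 10.0.0.5 xk3j9.badc2.net POST /gate.php 200
2024-01-01T10:00:03 10.0.0.7 xk3j9.badc2.net POST /gate.php 200
2024-01-01T10:00:04 10.0.0.7 q7z1p.other-c2.org GET /a 404
2024-01-01T10:00:05 10.0.0.5 q7z1p.other-c2.org GET /a 404
2024-01-01T10:00:06 10.0.0.9 www.example.com GET / 200
2024-01-01T10:00:07 10.0.0.5 www.example.com GET / 200
2024-01-01T10:00:08 10.0.0.11 cdn.example.com GET /x.js 200
"""

# Constructed seed: one domain already on a blocklist.
KNOWN_BAD = {"xk3j9.badc2.net"}


def parse_line(line):
    ts, client, host, method, path, status = line.split()
    return {"ts": ts, "client": client, "host": host.lower(),
            "method": method, "path": path, "status": int(status)}


def map_phase(lines):
    """Mapper: key each request by destination host (shardable per log chunk)."""
    for line in lines:
        if line.strip():
            r = parse_line(line)
            yield r["host"], (r["client"], r["method"], r["status"])


def reduce_phase(pairs):
    """Reducer: aggregate requests per host into both sides of the bipartite graph."""
    host_to_clients = defaultdict(set)
    client_to_hosts = defaultdict(set)
    host_requests = defaultdict(list)
    for host, (client, method, status) in pairs:
        host_to_clients[host].add(client)
        client_to_hosts[client].add(host)
        host_requests[host].append((client, method, status))
    return host_to_clients, client_to_hosts, host_requests


def domain_features(host, host_requests, victims):
    """Assumed per-domain features; the paper's own 12 are not on the page."""
    reqs = host_requests[host]
    clients = {c for c, _, _ in reqs}
    return {
        "fan_in": len(clients),                                   # distinct clients
        "requests": len(reqs),
        "post_ratio": sum(m == "POST" for _, m, _ in reqs) / len(reqs),
        "error_ratio": sum(s >= 400 for _, _, s in reqs) / len(reqs),
        "victim_ratio": len(clients & victims) / len(clients),
    }


def propagate(host_to_clients, seed_bad, min_ratio=0.8, min_clients=2, rounds=3):
    """Alternate victim -> domain inference over the bipartite graph.

    Clients that reached a bad domain are victims; a domain reached by at
    least min_clients clients, of which a fraction >= min_ratio are victims,
    is a new candidate. min_ratio keeps popular benign domains that victims
    also visit (www.example.com below) from being flagged.
    """
    bad = set(seed_bad)
    victims = set()
    for _ in range(rounds):
        victims = set().union(*(host_to_clients.get(d, set()) for d in bad))
        new = {h for h, cs in host_to_clients.items()
               if h not in bad and len(cs) >= min_clients
               and len(cs & victims) / len(cs) >= min_ratio}
        if not new:
            break
        bad |= new
    return bad - set(seed_bad), victims


def run(log_text=SAMPLE_LOG, seed_bad=KNOWN_BAD):
    h2c, c2h, reqs = reduce_phase(map_phase(log_text.splitlines()))
    new_domains, victims = propagate(h2c, seed_bad)
    feats = {h: domain_features(h, reqs, victims) for h in h2c}
    # Victim side of the graph: every host each infected client reached.
    victim_profile = {c: sorted(c2h[c]) for c in victims}
    return new_domains, victim_profile, feats


if __name__ == "__main__":
    new_domains, victim_profile, feats = run()
    print("victims:", victim_profile)
    print("new malicious domains:", sorted(new_domains))
    for h, f in feats.items():
        print(h, f)
```

On the constructed log, the seed domain exposes two victims, and q7z1p.other-c2.org is flagged because only those victims contact it, while www.example.com survives the min_ratio check despite a victim visiting it. In a real deployment the mapper runs per log shard and the reducer keys on host, which is what makes the pass scale; a popular-domain whitelist is still needed, because a site visited by every machine will eventually be visited by every victim.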
