Abstract

In this study, the structural characteristics of malware distribution networks (MDNs) were examined, and the network centrality of the relationships between malware-hosting websites, infection sites, intermediate connection sites, and initial connection sites was analyzed. The core malware sites within an MDN that contribute to the success of a cyberattack were identified, and the overall risk of the MDN, which changes dynamically, was quantified in order to predict further attacks. To this end, real-time security events generated by the information security systems of target organizations were collected and analyzed, and several types of security intelligence were assessed to reconstruct the MDNs. In addition, the risk levels of malicious URLs, IPs, and similar indicators in the MDNs were analyzed continuously over time, and a model for predicting the timing of potential attacks was developed. Based on the initial MDN risk level and on the connectivity of the MDN and the malware associated with it, both of which change over time, the model identified the characteristics of potential future cyberattacks and maintained an average prediction accuracy of 94.9% over one week.

Highlights

  • Intelligent cyberattacks (advanced persistent threats, APTs) [1] have become continuous, targeted, and specialized

  • Each monitored system collects data on external links: secondary analysis results obtained by analyzing the malware collected from the systems being monitored, and primary analysis results on the inbound and outbound network traffic generated by the organization

  • The experiment started from this information, and a malware distribution network (MDN) centered on the target organization was constructed


Summary

INTRODUCTION

Intelligent cyberattacks (advanced persistent threats, APTs) [1] have become continuous, targeted, and specialized. In response to these threats, various information security solutions are being developed, and research and development projects are being conducted. Nevertheless, it remains difficult for decision-makers, such as directors of computer emergency response teams and operators of information security solutions, to judge the importance of the numerous malware sites and malware types that are detected, or to prioritize the related event handling, such as blocking [2]. A network centrality analysis (NCA) method is proposed for calculating the potential risks of malware sites and MDNs. The proposed NCA model supports multidimensional analysis of the relationships between nodes.
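The following is an added illustration of the centrality idea behind the NCA approach, written for this page; it is not the paper's PRiAM implementation and does not reproduce its risk or prediction model. It builds a directed MDN graph from redirection chains of the four site types named in the abstract (initial connection site, intermediate connection site, infection site, malware-hosting site) and ranks nodes by betweenness centrality and in-degree, so that the site every infection path funnels through surfaces as the core node to block first. All hostnames, the chain list, and the function names are constructed for the example.

```python
from collections import defaultdict, deque

# Constructed sample of redirection chains, as an analyst might assemble them
# from proxy logs and malware-analysis reports. Hostnames are hypothetical.
# Each tuple is (source_site, destination_site, role_of_destination).
SAMPLE_CHAINS = [
    ("news.example-initial.test", "ad.redirector-a.test", "intermediate"),
    ("blog.example-initial.test", "ad.redirector-a.test", "intermediate"),
    ("forum.example-initial.test", "cdn.redirector-b.test", "intermediate"),
    ("ad.redirector-a.test", "kit.exploit-landing.test", "infection"),
    ("cdn.redirector-b.test", "kit.exploit-landing.test", "infection"),
    ("kit.exploit-landing.test", "dl.malware-host.test", "malware"),
    ("kit.exploit-landing.test", "dl.malware-host2.test", "malware"),
]


def build_mdn(chains):
    """Return (adjacency dict, role dict) for a directed MDN graph.

    A site that only ever appears as a source is labelled 'initial'; any
    site that appears as a destination takes the role recorded for it.
    """
    graph = defaultdict(set)
    roles = {}
    for src, dst, role in chains:
        graph[src].add(dst)
        graph.setdefault(dst, set())  # make sure sinks are graph nodes too
        roles.setdefault(src, "initial")
        roles[dst] = role
    return dict(graph), roles


def betweenness(graph):
    """Brandes' algorithm for betweenness centrality on a directed,
    unweighted graph: counts, for every ordered pair (s, t), the fraction
    of shortest paths from s to t passing through each other node."""
    bc = dict.fromkeys(graph, 0.0)
    for s in graph:
        stack, queue = [], deque([s])
        preds = {v: [] for v in graph}
        sigma = dict.fromkeys(graph, 0)  # number of shortest paths from s
        dist = dict.fromkeys(graph, -1)
        sigma[s], dist[s] = 1, 0
        while queue:  # BFS, recording predecessors on shortest paths
            v = queue.popleft()
            stack.append(v)
            for w in graph[v]:
                if dist[w] < 0:
                    dist[w] = dist[v] + 1
                    queue.append(w)
                if dist[w] == dist[v] + 1:
                    sigma[w] += sigma[v]
                    preds[w].append(v)
        delta = dict.fromkeys(graph, 0.0)
        while stack:  # accumulate dependencies in reverse BFS order
            w = stack.pop()
            for v in preds[w]:
                delta[v] += sigma[v] / sigma[w] * (1 + delta[w])
            if w != s:
                bc[w] += delta[w]
    return bc


def rank_core_sites(chains):
    """Rank MDN nodes by betweenness, then in-degree, as a simple proxy for
    how much of the attack traffic a single site controls."""
    graph, roles = build_mdn(chains)
    bc = betweenness(graph)
    in_deg = defaultdict(int)
    for src in graph:
        for dst in graph[src]:
            in_deg[dst] += 1
    rows = [
        {"site": n, "role": roles[n], "betweenness": bc[n],
         "in_degree": in_deg[n], "out_degree": len(graph[n])}
        for n in graph
    ]
    rows.sort(key=lambda r: (-r["betweenness"], -r["in_degree"], r["site"]))
    return rows


if __name__ == "__main__":
    for row in rank_core_sites(SAMPLE_CHAINS):
        print(f'{row["site"]:32} {row["role"]:12} '
              f'bc={row["betweenness"]:5.1f} in={row["in_degree"]} out={row["out_degree"]}')
```

In the constructed sample the exploit-kit landing page scores highest (betweenness 10, every initial site reaches both malware hosts through it), ahead of the redirector that two of the three initial sites share (6) and the second redirector (3); the initial sites and the malware hosts score zero because no path passes through them. This is the ranking signal that lets an operator prioritise blocking the choke point rather than chasing individual downloader URLs, which is the decision problem the paragraph above describes.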

Kim: PRiAM for MDNs
BACKGROUND
RISK ASSESSMENT FOR MDNs
RISK ASSESSMENT FOR MALICIOUS CODES
CONCLUSION