ﻻ يوجد ملخص باللغة العربية
The growing commoditization of the underground economy has given rise to malware delivery networks, which charge fees for quickly delivering malware or unwanted software to a large number of hosts. To provide this service, a key method is the orchestration of silent delivery campaigns, which involve a group of downloaders that receive remote commands and that deliver their payloads without any user interaction. These campaigns have not been characterized systematically, unlike other aspects of malware delivery networks. Moreover, silent delivery campaigns can evade detection by relying on inconspicuous downloaders on the client side and on disposable domain names on the server side. We describe Beewolf, a system for detecting silent delivery campaigns from Internet-wide records of download events. The key observation behind our system is that the downloaders involved in these campaigns frequently retrieve payloads in lockstep. Beewolf identifies such locksteps in an unsupervised and deterministic manner. By exploiting novel techniques and empirical observations, Beewolf can operate on streaming data. We utilize Beewolf to study silent delivery campaigns at scale, on a data set of 33.3 million download events. This investigation yields novel findings, e.g. malware distributed through compromised software update channels, a substantial overlap between the delivery ecosystems for malware and unwanted software, and several types of business relationships within these ecosystems. Beewolf achieves over 92% true positives and fewer than 5% false positives. Moreover, Beewolf can detect suspicious downloaders a median of 165 days ahead of existing anti-virus products and payload-hosting domains a median of 196 days ahead of existing blacklists.
Content delivery networks (CDNs) provide efficient content distribution over the Internet. CDNs improve the connectivity and efficiency of global communications, but their caching mechanisms may be breached by cyber-attackers. Among the security mech
Malware abuses TLS to encrypt its malicious traffic, preventing examination by content signatures and deep packet inspection. Network detection of malicious TLS flows is an important, but challenging, problem. Prior works have proposed supervised mac
Register Files (RFs) are the most frequently accessed memories in a microprocessor for fast and efficient computation and control logic. Segment registers and control registers are especially critical for maintaining the CPU mode of execution that de
Cooperative behaviour constitutes a key aspect of both human society and non-human animal systems, but explaining how cooperation evolves represents a major scientific challenge. It is now well established that social network structure plays a centra
URLs are central to a myriad of cyber-security threats, from phishing to the distribution of malware. Their inherent ease of use and familiarity is continuously abused by attackers to evade defences and deceive end-users. Seemingly dissimilar URLs ar