Cross-Layer Analysis of Malware Datasets for Malicious Campaign Identification

Kruczkowski, M; Niewiadomska-Szynkiewicz, E; Kozakiewicz, A

  • Proceedings of the International Conference on Military Communications and Information Systems (ICMCIS);
  • Volume: -;
  • Pages: 1-7;
  • 2015;

In this paper, we investigate the problem of detecting correlations among datasets containing malicious data concerned with various types of network attacks and related infection events, taken from numerous sources and organizations. We propose a graph-based technique to depict relationships between malicious data based on values of attributes related both to attackers and victims, and referring to different layers of the OSI model. The presented model can be used for fast, automatic identification of malware campaigns. The case study described in the paper demonstrates the performance of our method.