TWC: Medium: Collaborative: Know Thy Enemy: Data Mining Meets Networks for Understanding Web-Based Malware Dissemination

TWC：媒介：协作：了解你的敌人：数据挖掘与网络结合以了解基于 Web 的恶意软件传播

• 批准号: 1314935
• 负责人: Michalis Faloutsos
• 金额: $ 33.3万
• 依托单位: University of New Mexico
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2013
• 资助国家: 美国
• 起止时间: 2013-09-01 至 2016-07-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1314935&HistoricalAwards=false
• 关键词: TWC; Medium; Collaborative; Know; Thy

How does web-based malware spread? We use the term web-based malware to describe malware that is distributed through websites, and malicious posts in social networks. We are in an arms race against web-based malware distributors; and as in any war, knowledge is power. The more we know about them, the better we can defend ourselves. Our goal is to understand the dissemination of web-based malware by creating "MalScope", a suite of methods and tools that uses cutting-edge approaches to build spatiotemporal models, generators and sampling techniques for malware dissemination. From a scientific point of view, this project brings together two disciplines: Data Mining and Network Security. The outcome is a suite of novel, sophisticated, and scalable techniques and models that will enhance our understanding of malware dissemination at a large scale. We use two types of web-based malware dissemination data: (1) user machines accessing dangerous sites and downloading web-based malware; and (2) Facebook users being exposed to malicious posts. We already have and will continue to obtain more data from our industry partners (e.g. Symantec's WINE project), open-access projects, or collect on our own (e.g MyPageKeeper).The broader impact of our work is that it will enable the development of security solutions for end-users and industry. A 15-minute network outage costs a 200-employee company about $40K, while identity theft costs about $1,500 per person on average. By knowing the enemy better, security researchers and industry can more effectively stop the interconnected manifestations of Internet threats: identity theft, the creation of botnets, and DoS attacks. The PIs have a track record of technology transfer, with collaborators at industrial labs (Yahoo, MSR, Symantec, AT&T, IBM), national labs (LLNL, Sandia), open-source software (``Pegasus''), and spin-off startups (StopTheHacker). Educational impacts include developing a new course, providing publicly available educational material, and open-source software.

基于Web的恶意软件如何传播？我们使用基于Web的恶意软件来描述通过网站分发的恶意软件以及社交网络中的恶意帖子。我们正在与基于网络的恶意软件分销商进行军备竞赛;就像在任何战争中一样，知识就是力量。 我们对他们了解得越多，我们就能越好地保护自己。我们的目标是通过创建“MalScope”来了解基于网络的恶意软件的传播，“MalScope”是一套方法和工具，使用尖端方法来构建用于恶意软件传播的时空模型、生成器和采样技术。从科学的角度来看，该项目汇集了两个学科：数据挖掘和网络安全。其结果是一套新颖，复杂，可扩展的技术和模型，将提高我们对恶意软件传播的大规模理解。我们使用两种基于Web的恶意软件传播数据：（1）用户机器访问危险站点并下载基于Web的恶意软件;（2）Facebook用户暴露于恶意帖子。我们已经并将继续从我们的行业合作伙伴（例如赛门铁克的WINE项目）、开放访问项目或我们自己收集（例如MyPageKeeper）获得更多数据。我们工作的更广泛影响是，它将使最终用户和行业的安全解决方案的开发成为可能。 一家拥有200名员工的公司因15分钟的网络中断而损失约4万美元，而身份盗窃平均每人损失约1,500美元。通过更好地了解敌人，安全研究人员和行业可以更有效地阻止互联网威胁的相互关联的表现形式：身份盗窃，僵尸网络的创建和DoS攻击。PI拥有技术转让的跟踪记录，与工业实验室（Yahoo，MSR，Symantec，AT T，IBM），国家实验室（LLNL，Sandia），开源软件（“Pegasus”）和分拆创业公司（StopTheHacker）的合作者。教育影响包括开发新课程，提供公开的教育材料和开源软件。