TWC: Medium: Collaborative: Know Thy Enemy: Data Mining Meets Networks for Understanding Web-Based Malware Dissemination

TWC：媒介：协作：了解你的敌人：数据挖掘与网络结合以了解基于 Web 的恶意软件传播

• 批准号: 1638219
• 负责人: Michalis Faloutsos
• 金额: $ 5.23万
• 依托单位: University of California-Riverside
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2016
• 资助国家: 美国
• 起止时间: 2016-01-28 至 2017-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1638219&HistoricalAwards=false
• 关键词: TWC; Medium; Collaborative; Know; Thy

How does web-based malware spread? We use the term web-based malware to describe malware that is distributed through websites, and malicious posts in social networks. We are in an arms race against web-based malware distributors; and as in any war, knowledge is power. The more we know about them, the better we can defend ourselves. Our goal is to understand the dissemination of web-based malware by creating "MalScope", a suite of methods and tools that uses cutting-edge approaches to build spatiotemporal models, generators and sampling techniques for malware dissemination. From a scientific point of view, this project brings together two disciplines: Data Mining and Network Security. The outcome is a suite of novel, sophisticated, and scalable techniques and models that will enhance our understanding of malware dissemination at a large scale. We use two types of web-based malware dissemination data: (1) user machines accessing dangerous sites and downloading web-based malware; and (2) Facebook users being exposed to malicious posts. We already have and will continue to obtain more data from our industry partners (e.g. Symantec's WINE project), open-access projects, or collect on our own (e.g MyPageKeeper).The broader impact of our work is that it will enable the development of security solutions for end-users and industry. A 15-minute network outage costs a 200-employee company about $40K, while identity theft costs about $1,500 per person on average. By knowing the enemy better, security researchers and industry can more effectively stop the interconnected manifestations of Internet threats: identity theft, the creation of botnets, and DoS attacks. The PIs have a track record of technology transfer, with collaborators at industrial labs (Yahoo, MSR, Symantec, AT&T, IBM), national labs (LLNL, Sandia), open-source software ("Pegasus"), and spin-off startups (StopTheHacker). Educational impacts include developing a new course, providing publicly available educational material, and open-source software.

基于Web的恶意软件如何传播？我们使用一词基于Web的恶意软件来描述通过网站和社交网络中的恶意帖子分发的恶意软件。我们正在与基于网络的恶意软件分销商进行军备竞赛； 就像在任何战争中一样，知识就是力量。 我们对它们的了解越多，我们就会越能为自己辩护。我们的目标是通过创建“ malscope”来了解基于Web的恶意软件的传播，这是一套使用尖端方法来构建时空模型，生成器和采样技术以进行恶意软件传播的方法和工具。从科学的角度来看，该项目汇集了两个学科：数据挖掘和网络安全。结果是一套新颖，复杂和可扩展的技术和模型，可以增强我们对恶意软件传播的理解。我们使用两种类型的基于Web的恶意软件传播数据：（1）访问危险站点并下载基于Web的恶意软件的用户机器； （2）Facebook用户接触恶意帖子。我们已经并且将继续从行业合作伙伴（例如Symantec的葡萄酒项目），开放式项目或自己收集（例如MypageKeeper）中获得更多数据。我们工作的更广泛影响是，它将为最终用户和行业提供安全解决方案的开发。 15分钟的网络中断的价格为一家200雇员公司约4万美元，而身份盗用的平均价格约为每人约1,500美元。通过更好地了解敌人，安全研究人员和行业可以更有效地阻止互联网威胁的互连表现：身份盗用，僵尸网络的创建和DOS攻击。 PI与工业实验室（Yahoo，MSR，Symantec，AT＆T，IBM），National Labs（LLNL，Sandia），开源软件（“ Pegasus”）和Spion-off Startups（StopTheHacker）与工业实验室（Yahoo，Symantec，IBM），国家实验室（LLNL，Sandia），National Labs（LLNL，Sandia），国家实验室（LLNL，Sandia），以及National Labs（LLNL，Sandia），以及National Labs（LLNL，Sandia），具有技术转移的记录。教育影响包括开发一门新课程，提供公开可用的教育材料和开源软件。