HARMUR: storing and analyzing historic data on malicious domains

From Botnets.fr

Date 2011 / 2011
Editor/Conference ACM
Link http://www.cs.bham.ac.uk/~covam/publications/badgers2011harmur.html (www.cs.bham.ac.uk, archive copy)
Author Corrado Leita, Marco Cova

Abstract

A large amount of work has been done to develop tools and techniques to detect and study the presence of threats on the web. This includes, for instance, the development of a variety of different client honeypot techniques for the detection and study of drive-by downloads, as well as the creation of blacklists to prevent users from visiting malicious web pages. Due to the extent of the web and the scale of the problem, existing work typically focuses on the collection of information on the current state of web pages and does not take into account the temporal dimension of the problem.

In this paper we describe HARMUR, a security dataset developed in the context of the WOMBAT project that aims at exploring the dynamics of the security and contextual information associated with malicious domains. We detail the design decisions that have led to the creation of an easily extendible architecture, and describe the characteristics of the underlying dataset. Finally, we demonstrate through examples the value of the collected information, and the importance of tracking the evolution of the state of malicious domains to gather a more complete picture of the threat landscape.

Bibtex

 @misc{2011BFR961,
   editor = {ACM},
   author = {Corrado Leita and Marco Cova},
   title = {HARMUR: storing and analyzing historic data on malicious domains},
   date = {05},
   month = May,
   year = {2011},
   howpublished = {\url{http://www.cs.bham.ac.uk/~covam/publications/badgers2011harmur.html}},
 }