poster

Poster: On the Application of NLP to Discover Relationships between Malicious Network Entities

Authors:

Giuseppe Siracusano,

Martino Trevisan,

Roberto Gonzalez,

Roberto BifulcoAuthors Info & Claims

CCS '19: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security

Pages 2641 - 2643

https://doi.org/10.1145/3319535.3363276

Published: 06 November 2019 Publication History

Get Access

Abstract

The increase in network traffic volumes challenges the scalability of security analysis tools. In this paper, we present NetLearn, a solution to identify potentially malicious network entities from large amounts of network traffic data. NetLearn applies recently developed natural language processing algorithms to discover security-relevant relationships between the observed network entities, e.g., domain names and IP addresses, without requiring external sources of information for its analysis.

References

[1]

2019. Virus Total. https://www.virustotal.com.

Google Scholar

[2]

Deepak Kumar, Zane Ma, Zakir Durumeric, Ariana Mirian, Joshua Mason, J Alex Halderman, and Michael Bailey. 2017. Security challenges in an increasingly tangled web. In Proceedings of the 26th International Conference on World Wide Web. International World Wide Web Conferences Steering Committee, 677--684.

Digital Library

Google Scholar

[3]

Chaz Lever, Platon Kotzias, Davide Balzarotti, Juan Caballero, and Manos Antonakakis. 2017. A lustrum of malware network communication: Evolution and insights. In 2017 IEEE Symposium on Security and Privacy (SP). IEEE, 788--804.

Crossref

Google Scholar

[4]

Gianluca Stringhini, Christopher Kruegel, and Giovanni Vigna. 2013. Shady paths: Leveraging surfing crowds to detect malicious web pages. In Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security. ACM, 133--144.

Digital Library

Google Scholar

[5]

Martino Trevisan, Alessandro Finamore, Marco Mellia, Maurizio Munafo, and Dario Rossi. 2017. Traffic analysis with off-the-shelf hardware: Challenges and lessons learned. IEEE Communications Magazine 55, 3 (2017), 163--169.

Digital Library

Google Scholar

[6]

Yury Zhauniarovich, Issa Khalil, Ting Yu, and Marc Dacier. 2018. A survey on malicious domains detection through DNS data analysis. ACM Computing Surveys (CSUR) 51, 4 (2018), 67.

Digital Library

Google Scholar

Cited By

View all

Sanvito DSiracusano GGonzalez RBifulco R(2022)Prediphant: Short Term Heavy User Prediction2022 13th International Symposium on Communication Systems, Networks and Digital Signal Processing (CSNDSP)10.1109/CSNDSP54353.2022.9907909(704-709)Online publication date: 20-Jul-2022
https://doi.org/10.1109/CSNDSP54353.2022.9907909
Shen GQin YWang WYu MGuo C(2021)Distant Supervision for Relations Extraction via Deep Residual Learning and Multi-instance Attention in CybersecuritySecurity and Privacy in New Computing Environments10.1007/978-3-030-66922-5_10(151-161)Online publication date: 22-Jan-2021
https://doi.org/10.1007/978-3-030-66922-5_10
Shen GWang WMu QPu YQin YYu M(2020)Data-Driven Cybersecurity Knowledge Graph Construction for Industrial Control System SecurityWireless Communications & Mobile Computing10.1155/2020/88836962020Online publication date: 1-Jan-2020
https://dl.acm.org/doi/10.1155/2020/8883696

Index Terms

Poster: On the Application of NLP to Discover Relationships between Malicious Network Entities
1. Networks
  1. Network properties
    1. Network security
2. Security and privacy
  1. Intrusion/anomaly detection and malware mitigation
  2. Network security

Recommendations

POSTER: Toward Automating the Generation of Malware Analysis Reports Using the Sandbox Logs
CCS '16: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security

In recent years, the number of new examples of malware has continued to increase. To create effective countermeasures, security specialists often must manually inspect vast sandbox logs produced by the dynamic analysis method. Conversely, antivirus ...
Improved Blacklisting: Inspecting the Structural Neighborhood of Malicious URLs

Filtering based on blacklists is a major countermeasure against malicious websites. However, blacklists must be updated because malicious URLs tend to be short-lived, and they can be partially mutated to avoid blacklisting. Due to these characteristics, ...
POSTER: A Lightweight Unknown HTTP Botnets Detecting and Characterizing System
CCS '14: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security

The ability of the HTTP protocol to bypass Firewalls and IDSs has resulted in it becoming the most popular command and control (C&C) protocol adopted for use by most current botnets. To date, most botnet detection approaches either operate at packet-...

Comments

Information & Contributors

Information

Published In

CCS '19: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security

November 2019

2755 pages

ISBN:9781450367479

DOI:10.1145/3319535

General Chairs:
Lorenzo Cavallaro
King's College London, UK
,
Johannes Kinder
Bundeswehr University Munich, Germany
,
Program Chairs:
XiaoFeng Wang
Indiana University, USA
,
Jonathan Katz
George Mason University, USA

Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 06 November 2019

Check for updates

Author Tags

Qualifiers

Poster

Conference

CCS '19

Sponsor:

SIGSAC

CCS '19: 2019 ACM SIGSAC Conference on Computer and Communications Security

November 11 - 15, 2019

London, United Kingdom

Acceptance Rates

CCS '19 Paper Acceptance Rate 149 of 934 submissions, 16%;

Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

Upcoming Conference

CCS '25

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 13 - 17, 2025

Taipei , Taiwan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

3
Total Citations
View Citations
361
Total Downloads

Downloads (Last 12 months)8
Downloads (Last 6 weeks)1

Reflects downloads up to 22 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Sanvito DSiracusano GGonzalez RBifulco R(2022)Prediphant: Short Term Heavy User Prediction2022 13th International Symposium on Communication Systems, Networks and Digital Signal Processing (CSNDSP)10.1109/CSNDSP54353.2022.9907909(704-709)Online publication date: 20-Jul-2022
https://doi.org/10.1109/CSNDSP54353.2022.9907909
Shen GQin YWang WYu MGuo C(2021)Distant Supervision for Relations Extraction via Deep Residual Learning and Multi-instance Attention in CybersecuritySecurity and Privacy in New Computing Environments10.1007/978-3-030-66922-5_10(151-161)Online publication date: 22-Jan-2021
https://doi.org/10.1007/978-3-030-66922-5_10
Shen GWang WMu QPu YQin YYu M(2020)Data-Driven Cybersecurity Knowledge Graph Construction for Industrial Control System SecurityWireless Communications & Mobile Computing10.1155/2020/88836962020Online publication date: 1-Jan-2020
https://dl.acm.org/doi/10.1155/2020/8883696

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Abstract

References

Cited By

Index Terms

Recommendations

POSTER: Toward Automating the Generation of Malware Analysis Reports Using the Sandbox Logs

Improved Blacklisting: Inspecting the Structural Neighborhood of Malicious URLs

POSTER: A Lightweight Unknown HTTP Botnets Detecting and Characterizing System

Comments

Information

Published In

Sponsors

Publisher

Publication History

Check for updates

Author Tags

Qualifiers

Conference

Acceptance Rates

Upcoming Conference

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

Login options

Full Access

View options

PDF

eReader

Share

Share this Publication link

Share on social media

Affiliations