Analysis of Rogue Anti-Virus Campaigns Using Hidden Structures in k-Partite Graphs

摘要

Driven by the potential economic profits, cyber-criminals are on the rise and use the Web to exploit unsuspecting users. Indeed, a real underground black market with thousands of collaborating organizations and individuals has developed, which brings together malicious users who trade exploits, malware, virtual assets, stolen credentials, and more. Among the various malicious activities of cyber-criminals, rogue security software campaigns have evolved into one of the most lucrative criminal operations on the Internet. In this paper, we present a novel method to analyze rogue security software campaigns, by studying a number of different features that are related to their operation. Contrary to existing data mining techniques for multivariate data, which are mostly based on the definition of appropriate proximity measures on a per-feature basis and data fusion techniques to combine per-feature mining results, we take advantage of the structural properties of the k-partite graph formed by considering the natural interconnections between objects of different types. We show that the proposed method is straightforward, fast and scalable. The results of the analysis of rogue security software campaigns are further assessed by a visual analysis tool and their accuracy is documented.