Conference: IEEE Military Communications Conference

Malware propagation in fully connected networks: A netflow-based analysis


Abstract

Malware attacks have become ubiquitous in modern large data-centric networks. Therefore, advanced malware threat detection and related countermeasures are an important paradigm in cybersecurity research. This work studies malware propagation in fully connected networks, where network topology plays a minimal role in lateral spread within the network. The live netflow and perimeter alert data used in this study contrasts with other previous works due to the unavailability of ground truth for any attack type. Important features calculated from the netflow data as well as a novel ring-based flow model are described. These are helpful in tracking possible malware flow within the network. The results show that relevant features can be used to draw inferences about the propagation of certain classes of malware attacks.