Evaluating randomness in cyber attack textual artifacts | IEEE Conference Publication | IEEE Xplore

Abstract:

Textual data indicators can provide valuable insight for identifying potential malicious activity. There are various scenarios where cyber attacks leave textual clues; examples include domain names, keys/passwords, text strings that are encoded in program files, etc. Several techniques can be used to evaluate whether these textual clues provide useful information for detecting attacks. In this paper, we aim to determine whether textual data can be considered human generated or randomly generated by computer algorithms. Here we specifically consider the textual artifacts of filenames. Because dropping/copying/creating files with randomly generated filenames is a common behavior of malware, detecting this behavior by detecting randomly generated filenames would help identify a cyber attack. For this purpose, we discuss several features designed to differentiate randomly generated text from human-generated text, where the text is a filename, and then we build a classification model based on these features. On test data of 1 mil human-generated filenames and 1 mil randomly generated filenames, our model achieves an accuracy of 98.2940% in classifying human-generated filenames and an accuracy of 97.8378% in classifying randomly generated filenames.
Date of Conference: 01-03 June 2016
Date Added to IEEE Xplore: 09 June 2016
Electronic ISBN: 978-1-5090-2922-8
Electronic ISSN: 2159-1245
Conference Location: Toronto, ON, Canada
