Time Pattern Analysis of Malware by Circular Statistics

Title: Time Pattern Analysis of Malware by Circular Statistics
Publication Type: Conference Paper
Year of Publication: 2017
Authors: Pan, Liuxuan; Tomlinson, Allan; Koloydenko, Alexey A.
Conference Name: Proceedings of the Symposium on Architectures for Networking and Communications Systems
Publisher: IEEE Press
Conference Location: Piscataway, NJ, USA
ISBN Number: 978-1-5090-6386-4
Keywords: Circular statistics, Human Behavior, human factors, Malware, Metrics, pubcrawl, Resiliency, Scalability, Security Risk Estimation, time patterns, uniformity hypothesis test
Abstract:

Circular statistics present a new technique to analyse the time patterns of events in the field of cyber security. We apply this technique to analyse incidents of malware infections detected by network monitoring. In particular we are interested in the daily and weekly variations of these events. Based on "live" data provided by Spamhaus, we examine the hypothesis that attacks on four countries are distributed uniformly over 24 hours. Specifically, we use Rayleigh and Watson tests. While our results are mainly exploratory, we are able to demonstrate that the attacks are not uniformly distributed, nor do they follow a Poisson distribution as reported in other research. Our objective in this is to identify a distribution that can be used to establish risk metrics. Moreover, our approach provides a visual overview of the time patterns' variation, indicating when attacks are most likely. This will assist decision makers in cyber security to allocate resources or estimate the cost of system monitoring during high risk periods. Our results also reveal that the time patterns are influenced by the total number of attacks. Networks subject to a large volume of attacks exhibit bimodality while one case, where attacks were at relatively lower rate, showed a multi-modal daily variation.

URL: http://ieeexplore.ieee.org/document/7966911/
DOI: 10.1109/ANCS.2017.26
Citation Key: pan_time_2017