Time Pattern Analysis of Malware by Circular Statistics. / Pan, Liuxuan; Tomlinson, Allan; Koloydenko, Alexey.

Architectures for Networking and Communications Systems (ANCS), 2017 ACM/IEEE Symposium on. IEEE, 2017. p. 119-130.

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

Published

Standard

Time Pattern Analysis of Malware by Circular Statistics. / Pan, Liuxuan; Tomlinson, Allan; Koloydenko, Alexey.

Architectures for Networking and Communications Systems (ANCS), 2017 ACM/IEEE Symposium on. IEEE, 2017. p. 119-130.

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

Harvard

Pan, L, Tomlinson, A & Koloydenko, A 2017, Time Pattern Analysis of Malware by Circular Statistics. in Architectures for Networking and Communications Systems (ANCS), 2017 ACM/IEEE Symposium on. IEEE, pp. 119-130. https://doi.org/10.1109/ANCS.2017.26

APA

Pan, L., Tomlinson, A., & Koloydenko, A. (2017). Time Pattern Analysis of Malware by Circular Statistics. In Architectures for Networking and Communications Systems (ANCS), 2017 ACM/IEEE Symposium on (pp. 119-130). IEEE. https://doi.org/10.1109/ANCS.2017.26

Vancouver

Pan L, Tomlinson A, Koloydenko A. Time Pattern Analysis of Malware by Circular Statistics. In Architectures for Networking and Communications Systems (ANCS), 2017 ACM/IEEE Symposium on. IEEE. 2017. p. 119-130 https://doi.org/10.1109/ANCS.2017.26

Author

Pan, Liuxuan ; Tomlinson, Allan ; Koloydenko, Alexey. / Time Pattern Analysis of Malware by Circular Statistics. Architectures for Networking and Communications Systems (ANCS), 2017 ACM/IEEE Symposium on. IEEE, 2017. pp. 119-130

BibTeX

@inproceedings{1f6e2d52a8d04d44af46bab2d667fbe3,
title = "Time Pattern Analysis of Malware by Circular Statistics",
abstract = "Circular statistics present a new technique to analyse the time patterns of events in the field of cyber security. We apply this technique to analyse incidents of malware infections detected by network monitoring. In particular we are interested in the daily and weekly variations of these events. Based on {"}live{"} data provided by Spamhaus, we examine the hypothesis that attacks on four countries are distributed uniformly over 24 hours. Specifically, we use Rayleigh and Watson tests. While our results are mainly exploratory, we are able to demonstrate that the attacks are not uniformly distributed, nor do they follow a Poisson distribution as reported in other research. Our objective in this is to identify a distribution that can be used to establish risk metrics. Moreover, our approach provides a visual overview of the time patterns' variation, indicating when attacks are most likely. This will assist decision makers in cyber security to allocate resources or estimate the cost of system monitoring during high risk periods. Our results also reveal that the time patterns are influenced by the total number of attacks. Networks subject to a large volume of attacks exhibit bimodality while one case, where attacks were at relatively lower rate, showed a multi-modal daily variation.",
keywords = "Circular statistics, malware, time patterns, uniformity hypothesis test",
author = "Liuxuan Pan and Allan Tomlinson and Alexey Koloydenko",
year = "2017",
month = jul,
day = "3",
doi = "10.1109/ANCS.2017.26",
language = "English",
isbn = "978-1-5090-6387-1",
pages = "119--130",
booktitle = "Architectures for Networking and Communications Systems (ANCS), 2017 ACM/IEEE Symposium on",
publisher = "IEEE",

}

RIS

TY - GEN

T1 - Time Pattern Analysis of Malware by Circular Statistics

AU - Pan, Liuxuan

AU - Tomlinson, Allan

AU - Koloydenko, Alexey

PY - 2017/7/3

Y1 - 2017/7/3

N2 - Circular statistics present a new technique to analyse the time patterns of events in the field of cyber security. We apply this technique to analyse incidents of malware infections detected by network monitoring. In particular we are interested in the daily and weekly variations of these events. Based on "live" data provided by Spamhaus, we examine the hypothesis that attacks on four countries are distributed uniformly over 24 hours. Specifically, we use Rayleigh and Watson tests. While our results are mainly exploratory, we are able to demonstrate that the attacks are not uniformly distributed, nor do they follow a Poisson distribution as reported in other research. Our objective in this is to identify a distribution that can be used to establish risk metrics. Moreover, our approach provides a visual overview of the time patterns' variation, indicating when attacks are most likely. This will assist decision makers in cyber security to allocate resources or estimate the cost of system monitoring during high risk periods. Our results also reveal that the time patterns are influenced by the total number of attacks. Networks subject to a large volume of attacks exhibit bimodality while one case, where attacks were at relatively lower rate, showed a multi-modal daily variation.

AB - Circular statistics present a new technique to analyse the time patterns of events in the field of cyber security. We apply this technique to analyse incidents of malware infections detected by network monitoring. In particular we are interested in the daily and weekly variations of these events. Based on "live" data provided by Spamhaus, we examine the hypothesis that attacks on four countries are distributed uniformly over 24 hours. Specifically, we use Rayleigh and Watson tests. While our results are mainly exploratory, we are able to demonstrate that the attacks are not uniformly distributed, nor do they follow a Poisson distribution as reported in other research. Our objective in this is to identify a distribution that can be used to establish risk metrics. Moreover, our approach provides a visual overview of the time patterns' variation, indicating when attacks are most likely. This will assist decision makers in cyber security to allocate resources or estimate the cost of system monitoring during high risk periods. Our results also reveal that the time patterns are influenced by the total number of attacks. Networks subject to a large volume of attacks exhibit bimodality while one case, where attacks were at relatively lower rate, showed a multi-modal daily variation.

KW - Circular statistics

KW - malware

KW - time patterns

KW - uniformity hypothesis test

U2 - 10.1109/ANCS.2017.26

DO - 10.1109/ANCS.2017.26

M3 - Conference contribution

SN - 978-1-5090-6387-1

SP - 119

EP - 130

BT - Architectures for Networking and Communications Systems (ANCS), 2017 ACM/IEEE Symposium on

PB - IEEE

ER -