Tampere University of Technology

TUTCRIS Research Portal

A post-mortem empirical investigation of the popularity and distribution of malware files in the contemporary web-facing internet

Research output: Chapter in Book/Report/Conference proceedingConference contributionScientificpeer-review

Standard

A post-mortem empirical investigation of the popularity and distribution of malware files in the contemporary web-facing internet. / Ruohonen, Jukka; Scepanovic, Sanja; Hyrynsalmi, Sami; Mishkovski, Igor; Aura, Tuomas; Leppänen, Ville.

Proceedings - 2016 European Intelligence and Security Informatics Conference, EISIC 2016 : : 7th European Intelligence and Security Informatics Conference, Uppsala; Sweden; 17 - 19 August 2016.. ed. / J. Brynielsson; F. Johansson . IEEE, 2017. p. 144-147.

Research output: Chapter in Book/Report/Conference proceedingConference contributionScientificpeer-review

Harvard

Ruohonen, J, Scepanovic, S, Hyrynsalmi, S, Mishkovski, I, Aura, T & Leppänen, V 2017, A post-mortem empirical investigation of the popularity and distribution of malware files in the contemporary web-facing internet. in J Brynielsson & F Johansson (eds), Proceedings - 2016 European Intelligence and Security Informatics Conference, EISIC 2016 : : 7th European Intelligence and Security Informatics Conference, Uppsala; Sweden; 17 - 19 August 2016.. IEEE, pp. 144-147, EUROPEAN INTELLIGENCE AND SECURITY INFORMATICS CONFERENCE, 1/01/00. https://doi.org/10.1109/EISIC.2016.037

APA

Ruohonen, J., Scepanovic, S., Hyrynsalmi, S., Mishkovski, I., Aura, T., & Leppänen, V. (2017). A post-mortem empirical investigation of the popularity and distribution of malware files in the contemporary web-facing internet. In J. Brynielsson, & F. Johansson (Eds.), Proceedings - 2016 European Intelligence and Security Informatics Conference, EISIC 2016 : : 7th European Intelligence and Security Informatics Conference, Uppsala; Sweden; 17 - 19 August 2016. (pp. 144-147). IEEE. https://doi.org/10.1109/EISIC.2016.037

Vancouver

Ruohonen J, Scepanovic S, Hyrynsalmi S, Mishkovski I, Aura T, Leppänen V. A post-mortem empirical investigation of the popularity and distribution of malware files in the contemporary web-facing internet. In Brynielsson J, Johansson F, editors, Proceedings - 2016 European Intelligence and Security Informatics Conference, EISIC 2016 : : 7th European Intelligence and Security Informatics Conference, Uppsala; Sweden; 17 - 19 August 2016.. IEEE. 2017. p. 144-147 https://doi.org/10.1109/EISIC.2016.037

Author

Ruohonen, Jukka ; Scepanovic, Sanja ; Hyrynsalmi, Sami ; Mishkovski, Igor ; Aura, Tuomas ; Leppänen, Ville. / A post-mortem empirical investigation of the popularity and distribution of malware files in the contemporary web-facing internet. Proceedings - 2016 European Intelligence and Security Informatics Conference, EISIC 2016 : : 7th European Intelligence and Security Informatics Conference, Uppsala; Sweden; 17 - 19 August 2016.. editor / J. Brynielsson ; F. Johansson . IEEE, 2017. pp. 144-147

Bibtex - Download

@inproceedings{6e437782bd6643f28bdcab43535b37f8,
title = "A post-mortem empirical investigation of the popularity and distribution of malware files in the contemporary web-facing internet",
abstract = "This short empirical paper investigates a snapshot of about two million files from a continuously updated big data collection maintained by F-Secure for security intelligence purposes. By further augmenting the snapshot with open data covering about a half of a million files, the paper examines two questions: (a) what is the shape of a probability distribution characterizing the relative share of malware files to all files distributed from web-facing Internet domains, and (b) what is the distribution shaping the popularity of malware files? A bimodal distribution is proposed as an answer to the former question, while a graph theoretical definition for the popularity concept indicates a long-tailed, extreme value distribution. With these two questions - and the answers thereto, the paper contributes to the attempts to understand large-scale characteristics of malware at the grand population level - at the level of the whole Internet.",
keywords = "Malware, Security intelligence, Web crawling",
author = "Jukka Ruohonen and Sanja Scepanovic and Sami Hyrynsalmi and Igor Mishkovski and Tuomas Aura and Ville Lepp{\"a}nen",
year = "2017",
month = "3",
day = "2",
doi = "10.1109/EISIC.2016.037",
language = "English",
pages = "144--147",
editor = "J. Brynielsson and {Johansson }, F.",
booktitle = "Proceedings - 2016 European Intelligence and Security Informatics Conference, EISIC 2016 :",
publisher = "IEEE",

}

RIS (suitable for import to EndNote) - Download

TY - GEN

T1 - A post-mortem empirical investigation of the popularity and distribution of malware files in the contemporary web-facing internet

AU - Ruohonen, Jukka

AU - Scepanovic, Sanja

AU - Hyrynsalmi, Sami

AU - Mishkovski, Igor

AU - Aura, Tuomas

AU - Leppänen, Ville

PY - 2017/3/2

Y1 - 2017/3/2

N2 - This short empirical paper investigates a snapshot of about two million files from a continuously updated big data collection maintained by F-Secure for security intelligence purposes. By further augmenting the snapshot with open data covering about a half of a million files, the paper examines two questions: (a) what is the shape of a probability distribution characterizing the relative share of malware files to all files distributed from web-facing Internet domains, and (b) what is the distribution shaping the popularity of malware files? A bimodal distribution is proposed as an answer to the former question, while a graph theoretical definition for the popularity concept indicates a long-tailed, extreme value distribution. With these two questions - and the answers thereto, the paper contributes to the attempts to understand large-scale characteristics of malware at the grand population level - at the level of the whole Internet.

AB - This short empirical paper investigates a snapshot of about two million files from a continuously updated big data collection maintained by F-Secure for security intelligence purposes. By further augmenting the snapshot with open data covering about a half of a million files, the paper examines two questions: (a) what is the shape of a probability distribution characterizing the relative share of malware files to all files distributed from web-facing Internet domains, and (b) what is the distribution shaping the popularity of malware files? A bimodal distribution is proposed as an answer to the former question, while a graph theoretical definition for the popularity concept indicates a long-tailed, extreme value distribution. With these two questions - and the answers thereto, the paper contributes to the attempts to understand large-scale characteristics of malware at the grand population level - at the level of the whole Internet.

KW - Malware

KW - Security intelligence

KW - Web crawling

U2 - 10.1109/EISIC.2016.037

DO - 10.1109/EISIC.2016.037

M3 - Conference contribution

SP - 144

EP - 147

BT - Proceedings - 2016 European Intelligence and Security Informatics Conference, EISIC 2016 :

A2 - Brynielsson, J.

A2 - Johansson , F.

PB - IEEE

ER -