Merit Logo Merit IconSet
Skip to content

CAOE: Characterization of Malware Behaviors Using Network Telescope Data

Data cyberattacks present one of the most critical threats to the security of the nation’s critical infrastructures and the safety of our citizens. Adversaries frequently target intellectual properties and financial assets of U.S. corporations through cyberattacks. The rapidly increasing adoption of mobile and Internet-of-Things (IoT) devices and their global usage further expands the “attack surface” for nefarious actors. The quick identification of the origins and intents of cyberattacks is required to defend critical services and infrastructure.

Finding efficient methods for characterizing malware behaviors will increase the success of existing cybersecurity efforts employed by DHS such as advanced situation awareness and monitoring, related to fortifying and protecting critical infrastructures. This research will develop a scalable machine learning framework for categorizing malicious behaviors, such as network scanning and randomly-spoofed denial-of-service attacks, observed in a large network telescope (darknet).

The key objectives of the project include:

  • Develop and evaluate a framework for clustering network telescope data
  • Assess the usability and the functionality of the developed framework in characterizing malware behaviors with experienced cyber-infrastructure professionals testing and evaluating the effectiveness of the deployed techniques

This research seeks to distill meaningful information from unstructured, large-scale darknet data to discover macroscopic (i.e., internet-wide) malicious activities. The long term goal of the project is to support the cybersecurity mission of DHS through an improved characterization of malware families to enable security analysts to track new threats in a real-time manner.

This project is funded by the DHS CAOE program.

Project Partners: Pennsylvania State University