The week's pick
Reseach Article
Characterizing IoC of Covid-19 Spam Campaign by Open-Source based Geographic Analysis
| International Journal of Computer Applications |
| Foundation of Computer Science (FCS), NY, USA |
| Volume 186 - Number 11 |
| Year of Publication: 2024 |
| Authors: Ruo Ando, Liu Shiying, Yuki Okawa, Yoshiyasu Takefuji |
10.5120/ijca2024923449
|
Ruo Ando, Liu Shiying, Yuki Okawa, Yoshiyasu Takefuji . Characterizing IoC of Covid-19 Spam Campaign by Open-Source based Geographic Analysis. International Journal of Computer Applications. 186, 11 ( Mar 2024), 12-16. DOI=10.5120/ijca2024923449
Abstract
The use of geographic analysis in the field of cybersecurity is growing. However, few studies have evaluated implementation methods and algorithms. In this paper, we characterize each of the IoCs (Indicators of Compromise) by comparing the open-source Reported Blocklist Database (AbuseIPDB) and the IoCs of the Covid-19 Spam campaign based on VirusTotal scores. VirusTotal scores range from 40 to 100, with 40 points being used for widespread and less certain threat-hunting rules and 100 points being used for the most certain rules. The experiments revealed that OPTICS, a non-parametric, density-based method, is effective due to the nature of the geographic distribution of cybersecurity IoCs. It was also found that although the danger scores of both IoCs were close, the IoCs of the Covid-19 Spam campaign contained more dangerous ones and required more alerts. The proposed methodology applies to other types of IoCs, all of which can be implemented with open source resources and APIs on the Internet.
References
- Indicators of Compromise (IoCs) and Their Role in Attack Defence https://www.cisa.gov/news-events/cybersecurity-advisories/aa20-099a
- COVID-19 Exploited by Malicious Cyber Actors https://www.cisa.gov/news-events/cybersecurityadvisories/aa20-099a
- AbuseIPDB https://www.abuseipdb.com/
- VirusTotal https://www.virustotal.com/gui/
- Ester, Martin; Kriegel, Hans-Peter; Sander, J?rg; Xu, Xiaowei (1996). Simoudis, Evangelos; Han, Jiawei; Fayyad, Usama M. (eds.). A density-based algorithm for discovering clusters in large spatial databases with noise (PDF). Proceedings of the Second International Conference on Knowledge Discovery and Data Mining (KDD-96). AAAI Press. pp. 226-231.
- Mihael Ankerst; Markus M. Breunig; Hans-Peter Kriegel; Jrg Sander (1999). OPTICS: Ordering Points To Identify the Clustering Structure. ACM SIGMOD international conference on Management of data. ACM Press. pp. 49-60
- Peng Peng, Limin Yang, Linhai Song, Gang Wang: Opening the Blackbox of VirusTotal: Analyzing Online Phishing Scan Engines. Internet Measurement Conference 2019: pp.478-485
- Shuofei Zhu, Jianjun Shi, Limin Yang, Boqin Qin, Ziyi Zhang, Linhai Song, Gang Wang: Measuring and Modeling the Label Dynamics of Online Anti-Malware Engines. USENIX Security Symposium 2020: pp.2361-2378
- Jared Lee Lewis, Geanina F. Tambaliuc, Husnu S. Narman, Wook-Sung Yoo: IP Reputation Analysis of Public Databases and Machine Learning Techniques. ICNC 2020: pp.181-186
- Adam Oest, Yeganeh Safaei, Adam Doup, Gail-Joon Ahn, Brad Wardman, Kevin Tyers: PhishFarm: A Scalable Framework for Measuring the Effectiveness of Evasion Techniques against Browser Phishing Blacklists. IEEE Symposium on Security and Privacy 2019: 1344-1361
- Onur Catakoglu, Marco Balduzzi and Davide Balzarotti.“Automatic Extraction of Indicators of Compromise for Web Applications”, https://documents.trendmicro.com/assets/wp/wp-automaticextraction-of-indicators-of-compromise.pdf
- Guo Li, Matthew Dunn, Paul Pearce, Damon McCoy,Geoffrey M. Voelker, Stefan Savage: Reading the Tea leaves: A Comparative Analysis of Threat Intelligence. USENIX Security Symposium 2019: 851-867
- Jun Zhao, Qiben Yan, Xudong Liu, Bo Li, Guangsheng Zuo: Cyber Threat Intelligence Modeling Based on Heterogeneous Graph Convolutional Network. RAID 2020: 241-256
Index Terms
Keywords