A Post-Mortem Empirical Investigation of the Popularity and Distribution of Malware Files in the Contemporary Web-Facing Internet




Jukka Ruohonen, Sanja Scepanovic, Sami Hyrynsalmi, Igor Mishkovski, Tuomas Aura, Ville Leppänen

Joel Brynielsson, Fredrik Johansson

European Intelligence and Security Informatics Conference

2016

Proceedings of 2016 European Intelligence and Security Informatics Conference (EISIC)

144

147

4

978-1-5090-2857-3

2572-3723

DOI: https://doi.org/10.1109/EISIC.2016.30

http://www.csis.pace.edu/~ctappert/papers/proceedings/2016EISIC/data/2857a144.pdf



This short empirical paper investigates a snapshot
of about two million files from a continuously updated big
data collection maintained by F-Secure for security intelligence
purposes. By further augmenting the snapshot with open data
covering about half a million files, the paper examines two
questions: (a) what is the shape of the probability distribution
characterizing the relative share of malware files to all files
distributed from web-facing Internet domains; and (b) what is the
distribution shaping the popularity of malware files? A bimodal
distribution is proposed as an answer to the former question,
while a graph-theoretical definition of the popularity concept
indicates a long-tailed, extreme value distribution. With these two
questions, and the answers thereto, the paper contributes to the
attempts to understand large-scale characteristics of malware at
the grand population level, that is, at the level of the whole Internet.

