Представлено дослідження виявлення поштових черв’яків за допомогою вейвлет-перетворень. Стаття робить крок до кращого розуміння черв'яків електронної пошти та дослідження їх впливу на рівень характеристик потоків запитів системи доменних імен (DNS), які створюють машини користувачів. Для моделювання та експериментальних обчислень використано вейвлет-аналіз, а саме дискретне та неперевне вейвлет перетворення, статистичні алгоритми кластеризації, численні методи та інші методи математичного аналізу.

Ключові слова: поштові черв’яки; DNS запити; дискретне вейвлетне перетворення; вейвлет Хаара (Гаара), стиснення даних.

N. Weaver, V. Paxson, S. Staniford, and R. Cunningham, “A taxonomy of computer worms,” in WORM ’03: Proc. of the 2003 ACM workshop on Rapid malcode. New York, NY, USA: ACM, 2003, pp. 11–18.

M. Braverman, “Behavioral modeling of social engineering-based malicious software,” in Virus Bulletin Conf., 2006.

Virus Radar, “Top 10 threats,”

Kaspersky Lab, “Monthly Malware Statistics,” .

S. Stolfo, S. Hershkop, C. Hu, W. Li, O. Nimeskern, and K. Wang, “Behavior-based modeling and its application to email analysis,” ACM Trans. Interet Technol., vol. 6, no. 2, pp. 187–221, 2006.

C. Aggarwal, A. Hinneburg, and D. Keim, “On the Surprising Behavior

of Distance Metrics in High Dimensional Space,” in ICDT 2001: Proc. of the 8th Int. Conf. on Database Theory, ser. LNCS. Springer, 2001, pp. 420–434

A. Bagnall, C. Ratanamahatana, E. Keogh, S. Lonardi, and G. Janacek, “A bit level representation for time series data mining with shape based similarity,” Data Mining Knowledge Discovery, vol. 13, no. 1, pp. 11–40, 2006.

C. Faloutsos, M. Ranganathan, and Y. Manolopoulos, “Fast subsequence matching in time-series databases,” in SIGMOD ’94: Proc. of the 1994 ACM SIGMOD Int. Conf. on Management of Data. ACM, 1994, pp. 419–429

N. Chatzis, “Motivation for behaviour-based dns security: A taxonomy of dns-related internet threats,” in SECURWARE 2007: Proc. of the Int. Conf. on Emerging Security Information, Systems, and Technologies. Los Alamitos, CA, USA: IEEE Computer Society, 2007, pp. 36–41.

F. Mörchen, “Time series feature extraction for data mining using dwt and dft,” Dept. of Maths and CS, Philipps-U. Marburg, Tech. Rep. No. 33, 2003.

Vidakovic, Brani (2010). Statistical Modeling by Wavelets. Wiley Series in Probability and Statistics (вид. 2). с. 60, 63.

K. E. Stollnitz, T. Derose, and D. Salesin, Wavelets for computer graphics: theory and applications. San Francisco, CA, USA: Morgan Kaufmann Publishers Inc., 1996

R. Matsuba, Y. Musashi, and K. Sugitani, “Detection of mass mailing worm-infected ip address by analysis of syslog for dns server,” IPSJ SIG, pp. 67–72, 2004.

Y. Musashi and K. Rannenberg, “Detection of mass mailing worminfected pc terminals by observing dns query access,” IPSJ SIG Notes, pp. 39–44, 2004.

References:

N. Weaver, V. Paxson, S. Staniford, and R. Cunningham, “A taxonomy of computer worms,” in WORM ’03: Proc. of the 2003 ACM workshop on Rapid malcode. New York, NY, USA: ACM, 2003.

M. Braverman, “Behavioral modeling of social engineering-based malicious software,” in Virus Bulletin Conf., 2006.

Virus Radar, “Top 10 threats,” .

Kaspersky Lab, “Monthly Malware Statistics,” .

S. Stolfo, S. Hershkop, C. Hu, W. Li, O. Nimeskern, and K. Wang, “Behavior-based modeling and its application to email analysis,” ACM Trans. Interet Technol., vol. 6, no. 2 2006.

C. Aggarwal, A. Hinneburg, and D. Keim, “On the Surprising Behavior

of Distance Metrics in High Dimensional Space,” in ICDT 2001: Proc. of the 8th Int. Conf. on Database Theory, ser. LNCS. Springer, 2001.

A. Bagnall, C. Ratanamahatana, E. Keogh, S. Lonardi, and G. Janacek, “A bit level representation for time series data mining with shape based similarity,” Data Mining Knowledge Discovery, vol. 13, no. 1, 2006.

C. Faloutsos, M. Ranganathan, and Y. Manolopoulos, “Fast subsequence matching in time-series databases,” in SIGMOD ’94: Proc. of the 1994 ACM SIGMOD Int. Conf. on Management of Data. ACM, 1994.

N. Chatzis, “Motivation for behaviour-based dns security: A taxonomy of dns-related internet threats,” in SECURWARE 2007: Proc. of the Int. Conf. on Emerging Security Information, Systems, and Technologies. Los Alamitos, CA, USA: IEEE Computer Society, 2007.

F. Mörchen, “Time series feature extraction for data mining using dwt and dft,” Dept. of Maths and CS, Philipps-U. Marburg, Tech. Rep. No. 33, 2003.

Vidakovic, Brani (2010). Statistical Modeling by Wavelets. Wiley Series in Probability and Statistics (вид. 2).

K. E. Stollnitz, T. Derose, and D. Salesin, Wavelets for computer graphics: theory and applications. San Francisco, CA, USA: Morgan Kaufmann Publishers Inc., 1996

R. Matsuba, Y. Musashi, and K. Sugitani, “Detection of mass mailing worm-infected ip address by analysis of syslog for dns server,” IPSJ SIG, 2004.

Y. Musashi and K. Rannenberg, “Detection of mass mailing worminfected pc terminals by observing dns query access,” IPSJ SIG Notes, 2004.