A Lustrum of Malware Network Communication: Evolution and Insights

Explore the evolution and insights of malware network communication over a five-year period in this IEEE conference talk. Delve into a comprehensive analysis of 26.8 million malware samples, examining their network behaviors and implications for cybersecurity. Learn about the importance of curating dynamic analysis traces, the increasing prevalence of potentially unwanted programs (PUPs), and the significance of network traffic as an early indicator of infection. Gain valuable insights into malware classification, domain polymorphism, and the use of dynamic DNS and DGA domains. Understand the challenges posed by spam domains and the lifetime of malicious domains. Discover key takeaways that can enhance threat detection, network policy implementation, and incident response strategies in the ever-evolving landscape of malware communication.

Intro
Motivation
Everything Is Fine
Where's the data?
Cleaning Up Datasets
Malware Collection (Filtered)
Malware vs PUP
Classification Results
Domain Polymorphism
Malware Querying Dynamic DNS
Malware Querying DGA Domains
Malware Querying Spam Domains
An Inconvenient Truth
Lifetime of Domains
Key Takeaways