查看文章

Malware is increasingly diversified and sophisti-cated. It is essential to rapidly and accurately detect malware activities when malware infection spreads. However, accurately distinguishing potential malware activities from countless indis-criminate scanning attacks is a huge challenge. In this study, we introduce Dark-NMF, a darknet analysis engine using Non-negative Matrix Factorization (NMF). Dark-NMF focuses on synchronizing the spatiotemporal features seen when malware infection spreads and detects abnormally synchronous spatial features (source hosts and destination ports) automatically in near real-time. Dark-NMF measures the synchronization of spatial features by decomposing spatiotemporal patterns from darknet traffic using NMF. We tuned the hyperparameters of Dark- Nmfand evaluated the detection performance of malware activities against the performance of existing methods such as …