This empirical paper investigates a snapshot of about two million files from a continuously updated big data collection maintained by F-Secure for security intelligence purposes. By further augmenting the snapshot with open data covering about half a million files, the paper examines two questions: (a) what is the shape of the probability distribution characterizing the relative share of malicious files to all files distributed from web-facing Internet domains; and (b) what is the distribution shaping the popularity of malicious software files? A bimodal distribution is proposed as an answer to the former question, while a graph-theoretical definition of the popularity concept indicates a long-tailed, extreme value distribution. With these two questions and the answers thereto, the paper contributes to the attempts to understand the characteristics of malicious software at the grand population level, that is, at the level of the whole Internet.
Jukka Ruohonen, Sanja Šćepanović (Aalto University), Sami Hyrynsalmi (Tampere University of Technology), Ville Leppänen: A Post-Mortem Empirical Investigation of the Popularity and Distribution of Malware Files in the Contemporary Web-Facing Internet
Presented at the European Intelligence and Security Informatics Conference (EISIC 2016), Uppsala