Software Engineering Institute | Carnegie Mellon University
Software Engineering Institute | Carnegie Mellon University

Digital Library

Javascript is currently disabled for your browser. For an optimal search experience, please enable javascript.

Advanced Search

Basic Search

Content Type

Topics

Publication Date

White Paper

A Continuous Time List Capture Model for Internet Threats

  • August 2010
  • By Rhiannon Weaver
  • In this paper, Rhiannon Weaver describes a population study of malware files under the CTLC framework and presents a simulation study as well as future work.
  • Network Situational Awareness
  • Publisher: Software Engineering Institute
  • Abstract

    This white paper was published at the Joint Statistical Meetings (JSM) Conference on August 4, 2010.

    To study rapidly evolving populations of Internet threats under views from multiple watch lists, we propose a hierarchical Bayesian model we call Continuous-Time List Capture (CTLC). Methodologically, CTLC is related to survival analysis under competing risks, in which individuals under study admit as many survival curves as there are sources of watch list data. We suggest a Weibull model for the lifetime of a file from birth to appearance on a watch list, and we propose a Markov-Chain Monte Carlo method for simultaneous estimation of birth times for individuals, Weibull rate parameters for lists, and the effects of heterogeneity in behavior or traits among lists and individuals.

    We describe a population study of unique malware files under the CTLC framework, and present a preliminary simulation study as well as future work.

  • Download