Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Gao, Max, Collins, Michael, Mok, Ricky, Claffy, kc
Format: Preprint
Veröffentlicht: 2025
Schlagworte:
Online-Zugang:https://arxiv.org/abs/2507.05213
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
_version_ 1866914107186216960
author Gao, Max
Collins, Michael
Mok, Ricky
Claffy, kc
author_facet Gao, Max
Collins, Michael
Mok, Ricky
Claffy, kc
contents Threat hunting is an operational security process where an expert analyzes traffic, applying knowledge and lightweight tools on unlabeled data in order to identify and classify previously unknown phenomena. In this paper, we examine threat hunting metrics and practice by studying the detection of Crackonosh, a cryptojacking malware package, has on various metrics for identifying its behavior. Using a metric for discoverability, we model the ability of defenders to measure Crackonosh traffic as the malware population decreases, evaluate the strength of various detection methods, and demonstrate how different darkspace sizes affect both the ability to track the malware, but enable emergent behaviors by exploiting attacker mistakes.
format Preprint
id arxiv_https___arxiv_org_abs_2507_05213
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle Hunting in the Dark: Metrics for Early Stage Traffic Discovery
Gao, Max
Collins, Michael
Mok, Ricky
Claffy, kc
Cryptography and Security
Threat hunting is an operational security process where an expert analyzes traffic, applying knowledge and lightweight tools on unlabeled data in order to identify and classify previously unknown phenomena. In this paper, we examine threat hunting metrics and practice by studying the detection of Crackonosh, a cryptojacking malware package, has on various metrics for identifying its behavior. Using a metric for discoverability, we model the ability of defenders to measure Crackonosh traffic as the malware population decreases, evaluate the strength of various detection methods, and demonstrate how different darkspace sizes affect both the ability to track the malware, but enable emergent behaviors by exploiting attacker mistakes.
title Hunting in the Dark: Metrics for Early Stage Traffic Discovery
topic Cryptography and Security
url https://arxiv.org/abs/2507.05213