{"title":"Detection of Android Malware Behavior in Browser Downloads","authors":"Min-Hao Wu, Limin Yi, Ting-Cheng Chang, Yiwan Chen, Caiping Dai, Sangjian Chen","doi":"10.1109/ECBIOS54627.2022.9944991","DOIUrl":null,"url":null,"abstract":"Hypertext transfer protocol has become one of the most widely used Internet or industrial control systems, so protecting Web services is critical. Many information security research institutions deploy honeypots to collect network packets and analyze the software services and methods for the attack to understand the hacker's attack behavior. However, in analyzing the log, the analyst may face the problem of massive data volume and repeated inspection. Therefore, the analyst needs a tool to detect whether many newly captured packets are new types to reduce the analysis log time. We propose a new exception detection method named 'Detect new exceptions for Web-server‘. It overcomes the characteristics of abnormal packets captured by honeypots, such as Diverse, Unlabeled, and Imbalanced, and learns historical strange packet behavior in a semi-supervised manner. Historical exception behavior models are built to detect whether newly captured packets are new-type exceptions. The discovery approach incorporated with a feature-based can accomplish the result of low false positives and typical false downsides. 
It is feasible to rapidly discover whether the recently caught packages are a new type of irregularity and determine the new sort of problem index, minimizing the moment and price of the evaluation procedure for analysts.","PeriodicalId":330175,"journal":{"name":"2022 IEEE 4th Eurasia Conference on Biomedical Engineering, Healthcare and Sustainability (ECBIOS)","volume":"58 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-05-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2022 IEEE 4th Eurasia Conference on Biomedical Engineering, Healthcare and Sustainability (ECBIOS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ECBIOS54627.2022.9944991","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citations: 0
Abstract
Hypertext Transfer Protocol (HTTP) has become one of the most widely used protocols in Internet and industrial control systems, so protecting Web services is critical. Many information security research institutions deploy honeypots to collect network packets and analyze the software services targeted and the methods used in attacks, in order to understand attackers' behavior. However, when analyzing the logs, the analyst may face the problems of massive data volume and repeated inspection. The analyst therefore needs a tool that detects whether newly captured packets are of a new type, to reduce log analysis time. We propose a new exception detection method named 'Detect new exceptions for Web-server'. It overcomes the characteristics of abnormal packets captured by honeypots (diverse, unlabeled, and imbalanced) and learns historical abnormal packet behavior in a semi-supervised manner. Historical exception behavior models are built to detect whether newly captured packets are new-type exceptions. The discovery approach incorporated with a feature-based can accomplish the result of low false positives and typical false downsides. It is feasible to rapidly determine whether recently captured packets are a new type of anomaly and to determine the index of the new type of problem, minimizing the time and cost of the analysis procedure for analysts.