Detection of Malicious Servers for Preventing Client-Side Attacks
Khuda Bux, Muhammad Yousaf, A. H. Jalbani, Komal Batool
DOI: 10.22581/MUET1982.2101.20 (https://doi.org/10.22581/MUET1982.2101.20)
Published: 2021-01-01 (Journal Article)
Citations: 1
Abstract
The number of client-side attacks is increasing day by day. These attacks are launched using various methods such as phishing, drive-by downloads, click fraud, social engineering, scareware, and ransomware. To gain more advantage with less effort and time, attackers focus on clients rather than on servers, which are more secure than clients. This makes clients an easy target for attackers on the Internet. The security community has created a number of systems and tools with various functions for detecting client-side attacks. The discovery of malicious servers that launch client-side attacks can be divided into two types: passive detection, which is often signature based, and active detection, which often relies on dynamic malware analysis. Current systems and tools focus more on identifying malicious servers than on protecting clients from those malicious servers. In this paper, we propose a solution, based on the Bro Intrusion Detection System (IDS) and VirusTotal API 2.0, for the detection and prevention of malicious servers. The detected malicious link is then blocked at the gateway.