Classification of Exploit-Kit behaviors via machine learning approach

Sukritta Harnmetta, S. Ngamsuriyaroj
Published in: 2018 20th International Conference on Advanced Communication Technology (ICACT), February 2018.
DOI: 10.23919/ICACT.2018.8323797 (https://doi.org/10.23919/ICACT.2018.8323797)
Citations: 5

Abstract

An Exploit-Kit (EK) is a cyber-attack tool that targets vulnerabilities in web browser instances, such as the web plug-ins and add-ons commonly installed in a browser. Through the vulnerabilities it finds, an EK can deliver a suitable malware payload. This kind of attack is known as a drive-by-download attack, because the malware download requires no interaction from the user. In addition, an EK can protect itself by imitating a benign website or by responding to end users with an HTTP 404 error code whenever it encounters an unsupported target browser. As a result, detecting EKs requires considerable effort. However, when an EK launches an attack, there are recognizable patterns of interaction between the hosting server and the victim. In this work, we obtain a data set from www.malware-traffic-analysis.net and analyze those interactions to identify a set of features. We use these features to build a model that classifies the interaction patterns of each EK type. Our experiments show that, with 5,743 network flows and 45 features, our decision-tree model can classify EK traffic and EK type with accuracies of 97.74% and 97.11% respectively. In conclusion, our proposed work can help detect EK behavior with high accuracy.