{"title":"一种通过观察网页转换行为来检测驱动下载的方法","authors":"T. Matsunaka, A. Kubota, Takahiro Kasama","doi":"10.1109/AsiaJCIS.2014.21","DOIUrl":null,"url":null,"abstract":"Drive-by download is one of the major threats to the Web infrastructure. It is triggered by user access to a malicious website and forces users to download malware by exploiting the vulnerabilities of web browsers or plug-ins. Since these malicious websites are ephemeral, it is difficult to keep pace with the emerging and disappearing of such websites. To detect and prevent such attacks, we implemented a framework that aims to detect and prevent drive-by download with users' voluntary monitoring of the web. In this paper, we propose an approach to detect and prevent drive-by download based on the characteristics of web page transition behaviors caused by malicious websites that force users to download malicious software. We evaluated our approach by using a dataset provided by The Anti Malware Engineering Workshop (MWS2013) as samples of malicious websites and web access data collected by a monitoring sensor in our framework. Our evaluation shows that our detection algorithm can accurately detect drive-by downloads if a series of transitions caused by drive-by downloads is completely conducted.","PeriodicalId":354543,"journal":{"name":"2014 Ninth Asia Joint Conference on Information Security","volume":"23 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2014-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"8","resultStr":"{\"title\":\"An Approach to Detect Drive-By Download by Observing the Web Page Transition Behaviors\",\"authors\":\"T. Matsunaka, A. Kubota, Takahiro Kasama\",\"doi\":\"10.1109/AsiaJCIS.2014.21\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Drive-by download is one of the major threats to the Web infrastructure. It is triggered by user access to a malicious website and forces users to download malware by exploiting the vulnerabilities of web browsers or plug-ins. Since these malicious websites are ephemeral, it is difficult to keep pace with the emerging and disappearing of such websites. To detect and prevent such attacks, we implemented a framework that aims to detect and prevent drive-by download with users' voluntary monitoring of the web. In this paper, we propose an approach to detect and prevent drive-by download based on the characteristics of web page transition behaviors caused by malicious websites that force users to download malicious software. We evaluated our approach by using a dataset provided by The Anti Malware Engineering Workshop (MWS2013) as samples of malicious websites and web access data collected by a monitoring sensor in our framework. Our evaluation shows that our detection algorithm can accurately detect drive-by downloads if a series of transitions caused by drive-by downloads is completely conducted.\",\"PeriodicalId\":354543,\"journal\":{\"name\":\"2014 Ninth Asia Joint Conference on Information Security\",\"volume\":\"23 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2014-09-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"8\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2014 Ninth Asia Joint Conference on Information Security\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/AsiaJCIS.2014.21\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2014 Ninth Asia Joint Conference on Information Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/AsiaJCIS.2014.21","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
An Approach to Detect Drive-By Download by Observing the Web Page Transition Behaviors
Drive-by download is one of the major threats to the Web infrastructure. It is triggered by user access to a malicious website and forces users to download malware by exploiting the vulnerabilities of web browsers or plug-ins. Since these malicious websites are ephemeral, it is difficult to keep pace with the emerging and disappearing of such websites. To detect and prevent such attacks, we implemented a framework that aims to detect and prevent drive-by download with users' voluntary monitoring of the web. In this paper, we propose an approach to detect and prevent drive-by download based on the characteristics of web page transition behaviors caused by malicious websites that force users to download malicious software. We evaluated our approach by using a dataset provided by The Anti Malware Engineering Workshop (MWS2013) as samples of malicious websites and web access data collected by a monitoring sensor in our framework. Our evaluation shows that our detection algorithm can accurately detect drive-by downloads if a series of transitions caused by drive-by downloads is completely conducted.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
