Classification of Exploit-Kit behaviors via machine learning approach

Sukritta Harnmetta, S. Ngamsuriyaroj
{"title":"Classification of Exploit-Kit behaviors via machine learning approach","authors":"Sukritta Harnmetta, S. Ngamsuriyaroj","doi":"10.23919/ICACT.2018.8323797","DOIUrl":null,"url":null,"abstract":"An Exploit-Kit (EK) is the cyber attacking tool which targets in finding vulnerabilities appeared on a web browser instance such as web-plugins, add-on instances usually installed in a web browser. Such instances may send some suitable malware payload through the vulnerabilities they found. This kind of such cyber-attack is known as the drive-by-download attack where malware downloading do not require any interaction from users. In addition, EK can do self-protection by imitating a benign website or responding to end-users with HTTP 404 error code whenever it encountered an unsupported target web browser. As a result, detecting EK requires a lot of effort. However, when an EK launches an attack, there are some patterns of interactions between a host and a victim. In this work, we obtain a set of data from www.malware-traffic-analysis.net and analyze those interactions in order to identify a set of features. We use such features to build a model for classifying interaction patterns of each EK type. Our experiments show that, with 5,743 network flows and 45 features, our model using Decision tree approach can classify EK traffic and EK type with accuracy of 97.74% and 97.11% respectively. In conclusion, our proposed work can help detect the behavior of EK with high accuracy.","PeriodicalId":228625,"journal":{"name":"2018 20th International Conference on Advanced Communication Technology (ICACT)","volume":"29 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-02-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2018 20th International Conference on Advanced Communication Technology (ICACT)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.23919/ICACT.2018.8323797","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 5

Abstract

An Exploit-Kit (EK) is the cyber attacking tool which targets in finding vulnerabilities appeared on a web browser instance such as web-plugins, add-on instances usually installed in a web browser. Such instances may send some suitable malware payload through the vulnerabilities they found. This kind of such cyber-attack is known as the drive-by-download attack where malware downloading do not require any interaction from users. In addition, EK can do self-protection by imitating a benign website or responding to end-users with HTTP 404 error code whenever it encountered an unsupported target web browser. As a result, detecting EK requires a lot of effort. However, when an EK launches an attack, there are some patterns of interactions between a host and a victim. In this work, we obtain a set of data from www.malware-traffic-analysis.net and analyze those interactions in order to identify a set of features. We use such features to build a model for classifying interaction patterns of each EK type. Our experiments show that, with 5,743 network flows and 45 features, our model using Decision tree approach can classify EK traffic and EK type with accuracy of 97.74% and 97.11% respectively. In conclusion, our proposed work can help detect the behavior of EK with high accuracy.
基于机器学习方法的Exploit-Kit行为分类
Exploit-Kit (EK)是一种网络攻击工具,其目标是发现web浏览器实例上出现的漏洞,例如web插件,通常安装在web浏览器中的附加组件实例。这样的实例可能会通过他们发现的漏洞发送一些合适的恶意软件负载。这种网络攻击被称为下载驱动攻击,恶意软件下载不需要用户的任何交互。此外,EK可以通过模仿良性网站或在遇到不支持的目标web浏览器时向最终用户响应HTTP 404错误代码来进行自我保护。因此,检测EK需要付出很大的努力。然而,当EK发起攻击时,主机和受害者之间存在一些交互模式。在这项工作中,我们从www.malware-traffic-analysis.net获得一组数据,并分析这些相互作用,以识别一组特征。我们利用这些特征构建了一个模型,用于对每个EK类型的交互模式进行分类。实验表明,在5743个网络流和45个特征的情况下,采用决策树方法的模型对EK流量和EK类型的分类准确率分别为97.74%和97.11%。综上所述,我们的工作可以帮助我们高精度地检测EK的行为。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信