An Approach to Detect Drive-By Download by Observing the Web Page Transition Behaviors

T. Matsunaka, A. Kubota, Takahiro Kasama
Published in: 2014 Ninth Asia Joint Conference on Information Security
Publication date: 2014-09-01
DOI: 10.1109/AsiaJCIS.2014.21 (https://doi.org/10.1109/AsiaJCIS.2014.21)
Citations: 8

Abstract

Drive-by download is one of the major threats to the Web infrastructure. It is triggered by user access to a malicious website and forces users to download malware by exploiting the vulnerabilities of web browsers or plug-ins. Since these malicious websites are ephemeral, it is difficult to keep pace with the emergence and disappearance of such websites. To detect and prevent such attacks, we implemented a framework that aims to detect and prevent drive-by download with users' voluntary monitoring of the web. In this paper, we propose an approach to detect and prevent drive-by download based on the characteristics of web page transition behaviors caused by malicious websites that force users to download malicious software. We evaluated our approach by using a dataset provided by The Anti Malware Engineering Workshop (MWS2013) as samples of malicious websites and web access data collected by a monitoring sensor in our framework. Our evaluation shows that our detection algorithm can accurately detect drive-by downloads if a series of transitions caused by drive-by downloads is completely conducted.