Malicious File Hash Detection and Drive-by Download Attacks

Cited by: 8

Authors
Ghafir, Ibrahim [1 ]
Prenosil, Vaclav [1 ]
Affiliations
[1] Masaryk Univ, Fac Informat, Brno 60200, Czech Republic
Keywords
Cyber attacks; Botnet; Malware; Malicious file hash; Intrusion detection system
DOI
10.1007/978-81-322-2517-1_63
Chinese Library Classification
TP18 [Artificial intelligence theory]
Discipline classification codes
081104; 0812; 0835; 1405
Abstract
Malicious web content has become the essential tool cybercriminals use to carry out their attacks on the Internet. In addition, attacks that target web clients, rather than infrastructure components, have become prevalent. Malware drive-by downloads are a recent challenge, as their use in malware distribution attacks appears to be increasing substantially. In this paper we present our methodology for detecting any malicious file downloaded by one of the network hosts. Our detection method is based on a blacklist of malicious file hashes. We process the network traffic, analyze all connections, and calculate the MD5, SHA1, and SHA256 hashes of each new file seen being transferred over a connection. We then match the calculated hashes against the blacklist. The blacklist of malicious file hashes is updated automatically every day, and detection is performed in real time.
Pages: 661-669
Page count: 9
Related papers
50 items in total
  • [1] Prediction of drive-by download attacks on Twitter
    Javed, Amir
    Burnap, Pete
    Rana, Omer
    INFORMATION PROCESSING & MANAGEMENT, 2019, 56 (03) : 1133 - 1145
  • [2] Drive-By Download Attacks: A Comparative Study
    Sood, Aditya K.
    Zeadally, Sherali
    IT PROFESSIONAL, 2016, 18 (05) : 18 - 25
  • [3] A Visual Approach to Detecting Drive-by Download Attacks
    Takada, Tetsuji
    Amako, Katsuhiro
    8TH INTERNATIONAL SYMPOSIUM ON VISUAL INFORMATION COMMUNICATION AND INTERACTION (VINCI 2015), 2015, : 162 - 163
  • [4] Detection of Plug in Misuse Drive-By Download Attacks Using Kernel Machines
    Cherukuri, Manoj
    Mukkamala, Srinivas
    Shin, Dongwan
    2014 INTERNATIONAL CONFERENCE ON COLLABORATIVE COMPUTING: NETWORKING, APPLICATIONS AND WORKSHARING (COLLABORATECOM), 2014, : 546 - 553
  • [5] Automated Detection of Drive-by Download Attack
    Kikuchi, Hiroaki
    Matsumoto, Hiroaki
    Ishii, Hiroshi
    2015 9TH INTERNATIONAL CONFERENCE ON INNOVATIVE MOBILE AND INTERNET SERVICES IN UBIQUITOUS COMPUTING IMIS 2015, 2015, : 511 - 515
  • [6] Efficient and effective realtime prediction of drive-by download attacks
    Jayasinghe, Gaya K.
    Culpepper, J. Shane
    Bertok, Peter
    JOURNAL OF NETWORK AND COMPUTER APPLICATIONS, 2014, 38 : 135 - 149
  • [7] Mitigating Drive-By Download Attacks: Challenges and Open Problems
    Egele, Manuel
    Kirda, Engin
    Kruegel, Christopher
    INETSEC 2009 - OPEN RESEARCH PROBLEMS IN NETWORK SECURITY, 2009, 309 : 52 - +
  • [8] DbDHunter: An Ensemble-based Anomaly Detection Approach to Detect Drive-by Download Attacks
    Jodavi, Mehran
    Abadi, Mahdi
    Parhizkar, Elham
    2015 5TH INTERNATIONAL CONFERENCE ON COMPUTER AND KNOWLEDGE ENGINEERING (ICCKE), 2015, : 273 - 278
  • [9] LightJD: A Lightweight JavaScript Drive-by Download Detection Framework
    Wang, Tingting
    Hou, Jing
    He, Yuxiang
    Han, Jiaxuan
    2024 IEEE 2nd International Conference on Sensors, Electronics and Computer Engineering, ICSECE 2024, 2024, : 190 - 196
  • [10] ELPA: Emulation-Based Linked Page Map Analysis for the Detection of Drive-by Download Attacks
    Choi, Sang-Yong
    Kim, Daehyeok
    Kim, Yong-Min
    JOURNAL OF INFORMATION PROCESSING SYSTEMS, 2016, 12 (03) : 422 - 435