Malicious File Hash Detection and Drive-by Download Attacks

Cited by: 8

Authors:
Ghafir, Ibrahim [1]
Prenosil, Vaclav [1]

Affiliation:
[1] Masaryk Univ, Fac Informat, Brno 60200, Czech Republic

Source:
PROCEEDINGS OF THE SECOND INTERNATIONAL CONFERENCE ON COMPUTER AND COMMUNICATION TECHNOLOGIES, IC3T 2015, VOL 1 | 2016 / Vol. 379

Keywords:
Cyber attacks; Botnet; Malware; Malicious file hash; Intrusion detection system

DOI:
10.1007/978-81-322-2517-1_63

CLC classification:
TP18 [Artificial intelligence theory]

Subject classification:
081104; 0812; 0835; 1405

Abstract:
Malicious web content has become the essential tool used by cybercriminals to accomplish their attacks on the Internet. In addition, attacks that target web clients, in comparison to infrastructure components, have become prevalent. Malware drive-by downloads are a recent challenge, as their spread appears to be increasing substantially in malware distribution attacks. In this paper we present our methodology for detecting any malicious file downloaded by one of the network hosts. Our detection method is based on a blacklist of malicious file hashes. We process the network traffic, analyze all connections, and calculate the MD5, SHA1, and SHA256 hashes of each new file seen being transferred over a connection. Then we match the calculated hashes against the blacklist. The blacklist of malicious file hashes is updated automatically each day, and detection runs in real time.
Pages: 661 - 669 (9 pages)
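The detection step the abstract describes (recover each file transferred over a connection, compute its MD5, SHA1 and SHA256, match against a daily hash blacklist), as an added illustration that is not the paper's own code. It assumes a simple "algorithm,hexdigest" feed format and a Content-Length-delimited HTTP response; the digests in the feed are the standard test vectors for the bytes b"abc", standing in for a known malicious sample, not real indicators.

```python
import hashlib
# Constructed blacklist feed in the shape a daily-updated hash list might take
# (one "<algorithm>,<hexdigest>" line per entry). The digests below are the
# standard test vectors for the bytes b"abc", used as a stand-in for a known
# malicious sample; they are not real indicators.
FEED = """md5,900150983cd24fb0d6963f7d28e17f72
sha1,a9993e364706816aba3e25717850c26c9cd0d89d
sha256,ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"""

ALGORITHMS = ("md5", "sha1", "sha256")

def load_blacklist(feed: str) -> dict:
    """Parse the feed into {algorithm: set of lowercase hex digests}."""
    blacklist = {alg: set() for alg in ALGORITHMS}
    for line in feed.splitlines():
        alg, _, digest = line.strip().partition(",")
        if alg in blacklist and digest:
            blacklist[alg].add(digest.lower())
    return blacklist

def hash_file(data: bytes) -> dict:
    """Compute all three digests the paper matches against the blacklist."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ALGORITHMS}

def extract_http_body(raw: bytes) -> bytes:
    """Recover the transferred file from a captured HTTP response (Content-Length only)."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        return b""
    for line in head.split(b"\r\n")[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"content-length":
            return body[:int(value.strip())]
    return body

def check_download(raw_response: bytes, blacklist: dict, seen: set) -> dict:
    """Hash a newly observed file and report which digests hit the blacklist.
    `seen` holds SHA-256 digests already processed, so a repeated file is flagged as not new."""
    digests = hash_file(extract_http_body(raw_response))
    new = digests["sha256"] not in seen
    seen.add(digests["sha256"])
    hits = {alg: d for alg, d in digests.items() if d in blacklist[alg]}
    return {"new": new, "malicious": bool(hits), "matched": hits}

# Constructed captures: one serving the "malicious" sample, one a benign file.
MALICIOUS_RESPONSE = (b"HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\n"
                      b"Content-Length: 3\r\n\r\nabc")
BENIGN_RESPONSE = b"HTTP/1.1 200 OK\r\nContent-Length: 5\r\n\r\nhello"
```

Matching on all three digests means a single mismatched or missing algorithm in the feed still produces a hit; a production version would also need chunked transfer encoding and content decoding before hashing.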