Malicious File Hash Detection and Drive-by Download Attacks

Cited by: 8
Authors
Ghafir, Ibrahim [1 ]
Prenosil, Vaclav [1 ]
Affiliations
[1] Masaryk Univ, Fac Informat, Brno 60200, Czech Republic
Source
PROCEEDINGS OF THE SECOND INTERNATIONAL CONFERENCE ON COMPUTER AND COMMUNICATION TECHNOLOGIES, IC3T 2015, VOL 1 | 2016 / Volume 379
Keywords
Cyber attacks; Botnet; Malware; Malicious file hash; Intrusion detection system;
DOI
10.1007/978-81-322-2517-1_63
CLC classification number
TP18 [Artificial intelligence theory];
Discipline classification number
081104 ; 0812 ; 0835 ; 1405 ;
Abstract
Malicious web content has become the essential tool used by cybercriminals to accomplish their attacks on the Internet. In addition, attacks that target web clients, in comparison to infrastructure components, have become prevalent. Malware drive-by downloads are a recent challenge, as their spread appears to be increasing substantially in malware distribution attacks. In this paper we present our methodology for detecting any malicious file downloaded by one of the network hosts. Our detection method is based on a blacklist of malicious file hashes. We process the network traffic, analyze all connections, and calculate the MD5, SHA1, and SHA256 hashes for each new file seen being transferred over a connection. Then we match the calculated hashes against the blacklist. The blacklist of malicious file hashes is automatically updated each day, and detection runs in real time.
Pages: 661 / 669
Page count: 9
Related papers
50 items in total
  • [31] Detecting and Preventing Drive-by Download Attack via Participative Monitoring of the Web
    Matsunaka, Takashi
    Urakawa, Junpei
    Kubota, Ayumu
    2013 EIGHTH ASIA JOINT CONFERENCE ON INFORMATION SECURITY (ASIAJCIS), 2013, : 48 - 55
  • [32] Use of Deception to Improve Client Honeypot Detection of Drive-by-Download Attacks
    Endicott-Popovsky, Barbara
    Narvaez, Julia
    Seifert, Christian
    Frincke, Deborah A.
    O'Neil, Lori Ross
    Aval, Chiraag
    FOUNDATIONS OF AUGMENTED COGNITION, PROCEEDINGS: NEUROERGONOMICS AND OPERATIONAL NEUROSCIENCE, 2009, 5638 : 138 - +
  • [33] Browser JS Guard: Detects and Defends against Malicious JavaScript Injection based Drive by Download Attacks
    Kishore, Ravi K.
    Mallesh, M.
    Jyostna, G.
    Eswari, P. R. L.
    Sarma, Samavedam Satyanadha
    2014 FIFTH INTERNATIONAL CONFERENCE ON THE APPLICATIONS OF DIGITAL INFORMATION AND WEB TECHNOLOGIES (ICADIWT), 2014, : 92 - 100
  • [34] A Preliminary Analysis of Drive-by Email Attacks in Educational Institutes
    Alqatawna, Ja'far
    Hadi, Ali
    Al-Zwairi, Malek
    Khader, Mariam
    2016 CYBERSECURITY AND CYBERFORENSICS CONFERENCE (CCC), 2016, : 65 - 69
  • [35] A Browser-Extension-Based Defense Method against Drive-by Download Attacks
    田睿智
    茅兵
    谢立
    计算机技术与发展, 2014, 24 (02) : 131 - 135
  • [36] Unorganized Malicious Attacks Detection
    Pang, Ming
    Gao, Wei
    Tao, Min
    Zhou, Zhi-Hua
    ADVANCES IN NEURAL INFORMATION PROCESSING SYSTEMS 31 (NIPS 2018), 2018, 31
  • [37] Generic and Automated Drive-by GPU Cache Attacks from the Browser
    Giner, Lukas
    Czerny, Roland
    Gruber, Christoph
    Rauscher, Fabian
    Kogler, Andreas
    Braga, Daniel De Almeida
    Gruss, Daniel
    PROCEEDINGS OF THE 19TH ACM ASIA CONFERENCE ON COMPUTER AND COMMUNICATIONS SECURITY, ACM ASIACCS 2024, 2024, : 128 - 140
  • [38] A Static Approach to Detect Drive-by-download Attacks on Webpages
    Priya, M.
    Sandhya, L.
    Thomas, Ciza
    2013 INTERNATIONAL CONFERENCE ON CONTROL COMMUNICATION AND COMPUTING (ICCC), 2013, : 298 - +
  • [39] Framework for Malicious HTML File Detection
    Hess, Samuel
    2017 IEEE 2ND INTERNATIONAL WORKSHOPS ON FOUNDATIONS AND APPLICATIONS OF SELF* SYSTEMS (FAS*W), 2017, : 379 - 381
  • [40] An Approach to Predict Drive-by-Download Attacks by Vulnerability Evaluation and Opcode
    Adachi, Takashi
    Omote, Kazumasa
    2015 10TH ASIA JOINT CONFERENCE ON INFORMATION SECURITY (ASIAJCIS), 2015, : 145 - 151