Malicious File Hash Detection and Drive-by Download Attacks

Cited by: 8
Authors
Ghafir, Ibrahim [1 ]
Prenosil, Vaclav [1 ]
Affiliations
[1] Masaryk Univ, Fac Informat, Brno 60200, Czech Republic
Source
PROCEEDINGS OF THE SECOND INTERNATIONAL CONFERENCE ON COMPUTER AND COMMUNICATION TECHNOLOGIES, IC3T 2015, VOL 1 | 2016 / Vol. 379
Keywords
Cyber attacks; Botnet; Malware; Malicious file hash; Intrusion detection system;
DOI
10.1007/978-81-322-2517-1_63
CLC classification
TP18 [Artificial intelligence theory];
Subject classification
081104 ; 0812 ; 0835 ; 1405 ;
Abstract
Malicious web content has become the essential tool cybercriminals use to carry out their attacks on the Internet. In addition, attacks that target web clients, rather than infrastructure components, have become prevalent. Malware drive-by downloads are a recent challenge, as their share of malware distribution attacks appears to be increasing substantially. In this paper we present our methodology for detecting any malicious file downloaded by one of the network hosts. Our detection method is based on a blacklist of malicious file hashes. We process the network traffic, analyze all connections, and calculate the MD5, SHA1, and SHA256 hashes of each new file seen being transferred over a connection. We then match the calculated hashes against the blacklist. The blacklist of malicious file hashes is updated automatically each day, and detection runs in real time.
Pages: 661 / 669
Page count: 9