Cybercrime 2.0

Provos, Niels; Rajab, Moheeb Abu; Mavrommatis, Panayiotis

doi:10.1145/1498765.1498782

Cited by 45 publications

(13 citation statements)

References 2 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Under the assumption that a phishing website aims to lure the end user to enter their credentials and sensitive information, a limited set of domain expert features can be extracted from URL strings and HTML elements to accurately detect phishing websites. HTML elements such as < ifrmae > or < input > tags accompanied by indicative words such as "password" and "credit card" were previously suggested to be highly effective in detecting phishing websites [36,37]. Additional expert-based features, such as the number of anchors and links, were also investigated [38,39], and when combined with previous work, the authors achieved a true-positive rate (TPR) of 95% for the speci c scenario of phishing website detection.…”

Section: Related Workmentioning

confidence: 99%

Malicious website identification using design attribute learning

Naim

Cohen

Ben‐Gal

2023

Int. J. Inf. Secur.

View full text Add to dashboard Cite

Malicious websites pose a challenging cybersecurity threat. Traditional tools for detecting malicious websites rely heavily on industry-speci c domain knowledge, are maintained by large-scale research operations, and result in a never-ending attacker-defender dynamic. Malicious websites need to balance two opposing requirements to successfully function: escaping malware detection tools while attracting visitors. This fundamental con ict can be leveraged to create a robust and sustainable detection approach based on the extraction, analysis and learning of design attributes for malicious website identi cation.In this paper, we propose a next-generation algorithm for extended design attribute learning that learns and analyzes web page structures, contents, appearances and reputations to detect malicious websites. A large-scale experiment that was conducted on more than 35,000 websites suggests that the proposed algorithm effectively detects more than 83% of all malicious websites while maintaining a low falsepositive rate of 2%. In addition, the proposed method can incorporate user feedback and ag new suspicious websites and thus can be effective against zero-day attacks.

show abstract

Section: Related Workmentioning

confidence: 99%

Malicious website identification using design attribute learning

Naim

Cohen

Ben‐Gal

2023

Int. J. Inf. Secur.

View full text Add to dashboard Cite

show abstract

“…jected, without having the user to execute applications to trigger the malicious code execution. Such attacks include "cross-site scripting" (XSS for short) (Yusof and Pathan, 2016) (Yu et al, 2011), malware injection (Khalil et al, 2014), SQL injection (Gruschka and Jensen, 2010;Dessiatnikoff et al, 2011), Javascript injection (Provos et al, 2009), OS commanding (Dessiatnikoff et al, 2011), XPATH injection (Saripalli and Walters, 2010;Dessiatnikoff et al, 2011), LDAP injection (Modi et al, 2013a;Skrupsky et al, 2012).…”

Section: Attack Categorization In the Cloudmentioning

confidence: 99%

Systematic identification of threats in the cloud: A survey

et al. 2019

View full text Add to dashboard Cite

When a vulnerability is discovered in a system, some key questions often asked by the security analyst are what threat(s) does it pose, what attacks may exploit it, and which parts of the system it affects. Answers to those questions provide the necessary information for the security assessment and to implement effective countermeasures. In the cloud, this problem is more challenging due to the dynamic characteristics, such as elasticity, virtualization, and migration -changing the attack surface over time. This survey explores threats to the cloud by investigating the linkages between threats, attacks and vulnerabilities, and propose a method to identify threats systematically in the cloud using the threat classifications. First, we trace vulnerabilities to threats by relating vulnerabilities-to-attacks, and then relating attacks-to-threats. We have established the traceability through an extensive literature review and synthesis that resulted in a classification of attacks in the cloud, where we use the Microsoft STRIDE threat modeling approach as a guide for relating attacks to threats. Our approach is the genesis towards a concrete method for systematically identifying potential threats to assets provisioned and managed through the cloud. We demonstrate the approach through its application using a cloud deployment case study scenario.

show abstract

“…Given the central role those infrastructures play, an in-depth understanding of their structures and the ways they work becomes critical for counteracting cybercrimes. To this end, prior research investigated the infrastructures associated with some types of channels (e.g., Spam [2], black-hat Search-Engine Optimization (SEO) [11]) and exploits (e.g., drive-by downloads [23]). What have been learnt includes the parties involved in a malicious campaign (e.g., affiliates, bot operators [28]), the underground economy behind such campaigns and how these parties work together [15], [12].…”

Section: Introductionmentioning

confidence: 99%

Finding the Linchpins of the Dark Web: a Study on Topologically Dedicated Hosts on Malicious Web Infrastructures

Zhou

Alrwais

Xie

et al. 2013

2013 IEEE Symposium on Security and Privacy

View full text Add to dashboard Cite

Malicious Web activities continue to be a major threat to the safety of online Web users. Despite the plethora forms of attacks and the diversity of their delivery channels, in the back end, they are all orchestrated through malicious Web infrastructures, which enable miscreants to do business with each other and utilize others' resources. Identifying the linchpins of the dark infrastructures and distinguishing those valuable to the adversaries from those disposable are critical for gaining an upper hand in the battle against them.In this paper, using nearly 4 million malicious URL paths crawled from different attack channels, we perform a largescale study on the topological relations among hosts in the malicious Web infrastructure. Our study reveals the existence of a set of topologically dedicated malicious hosts that play orchestrating roles in malicious activities. They are well connected to other malicious hosts and do not receive traffic from legitimate sites. Motivated by their distinctive features in topology, we develop a graph-based approach that relies on a small set of known malicious hosts as seeds to detect dedicate malicious hosts in a large scale. Our method is general across the use of different types of seed data, and results in an expansion rate of over 12 times in detection with a low false detection rate of 2%. Many of the detected hosts operate as redirectors, in particular Traffic Distribution Systems (TDSes) that are long-lived and receive traffic from new attack campaigns over time. These TDSes play critical roles in managing malicious traffic flows. Detecting and taking down these dedicated malicious hosts can therefore have more impact on the malicious Web infrastructures than aiming at short-lived doorways or exploit sites.

show abstract

Cybercrime 2.0

Abstract: Web-based malware attacks are more insidious than ever. What can be done to stem the tide?

Cited by 45 publications

References 2 publications

Malicious website identification using design attribute learning

Malicious website identification using design attribute learning

Systematic identification of threats in the cloud: A survey

Finding the Linchpins of the Dark Web: a Study on Topologically Dedicated Hosts on Malicious Web Infrastructures

Contact Info

Product

Resources

About