Detecting and Preventing Drive-By Download Attack via Participative Monitoring of the Web

Matsunaka, Takashi; Urakawa, Junpei; Kubota, Ayumu

doi:10.1109/asiajcis.2013.15

Cited by 5 publications

(8 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…FCDBD: FRAMEWORK FOR COUNTERING DRIVE-BY DOWNLOAD FCDBD [2] is implemented based on the concept described in [1]. Figure 2 shows an overview of FCDBD.…”

Section: Related Workmentioning

confidence: 99%

“…To overcome such problems in the existing studies, we implemented a framework, FCDBD (Framework for Countering Drive-By Download), to detect and prevent driveby download [2] based on the concept described in [1]. FCDBD consists of monitoring sensors located on the clientside and an analyzing center located on the network-side.…”

Section: Introductionmentioning

confidence: 99%

“…This approach focuses on the following characteristics of the web page transition behaviors when users are forced to download malware from malicious distribution sites: (1) there is no information about referrers of malicious URLs in all HTTP headers of all web accesses triggered by accessing landing sites, (2) there is no information that indicates the transition to malicious URLs (malwares) in all HTML or JavaScript files that are downloaded by accessing landing sites. These characteristics are caused by the following trends in malicious websites.…”

Section: Introductionmentioning

confidence: 99%

“…Since these malicious websites are ephemeral, it is difficult to keep pace with the emerging and disappearing of such websites. To detect and prevent such attacks, we implemented a framework that aims to detect and prevent drive-by download with users' voluntary monitoring of the web [1], [2].In this paper, we propose an approach to detect and prevent drive-by download based on the characteristics of web page transition behaviors caused by malicious websites that force users to download malicious software. We evaluated our approach by using a dataset provided by The Anti Malware Engineering Workshop (MWS2013) [4] as samples of malicious websites and web access data collected by a monitoring sensor in our framework.…”

mentioning

confidence: 99%

mentioning

confidence: 99%

See 4 more Smart Citations

An Approach to Detect Drive-By Download by Observing the Web Page Transition Behaviors

Matsunaka

Kubota

Kasama

2014

2014 Ninth Asia Joint Conference on Information Security

Self Cite

View full text Add to dashboard Cite

Drive-by download is one of the major threats to the Web infrastructure. It is triggered by user access to a malicious website and forces users to download malware by exploiting the vulnerabilities of web browsers or plug-ins. Since these malicious websites are ephemeral, it is difficult to keep pace with the emerging and disappearing of such websites. To detect and prevent such attacks, we implemented a framework that aims to detect and prevent drive-by download with users' voluntary monitoring of the web [1], [2].In this paper, we propose an approach to detect and prevent drive-by download based on the characteristics of web page transition behaviors caused by malicious websites that force users to download malicious software. We evaluated our approach by using a dataset provided by The Anti Malware Engineering Workshop (MWS2013) [4] as samples of malicious websites and web access data collected by a monitoring sensor in our framework. Our evaluation shows that our detection algorithm can accurately detect drive-by downloads if a series of transitions caused by drive-by downloads is completely conducted.

show abstract

“…FCDBD: FRAMEWORK FOR COUNTERING DRIVE-BY DOWNLOAD FCDBD [2] is implemented based on the concept described in [1]. Figure 2 shows an overview of FCDBD.…”

Section: Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

mentioning

confidence: 99%

mentioning

confidence: 99%

See 3 more Smart Citations

An Approach to Detect Drive-By Download by Observing the Web Page Transition Behaviors

Matsunaka

Kubota

Kasama

2014

2014 Ninth Asia Joint Conference on Information Security

Self Cite

View full text Add to dashboard Cite

show abstract

Detection and Analysis of Drive-by Downloads and Malicious Websites

Ibrahim

Herami

Naqbi

et al. 2020

Communications in Computer and Information Science

View full text Add to dashboard Cite

A drive-by download is a download that occurs without users action or knowledge. It usually triggers an exploit of vulnerability in a browser to downloads an unknown file. The malicious program in the downloaded file installs itself on the victims machine. Moreover, the downloaded file can be camouflaged as an installer that would further install malicious software. Drive-by downloads is a very good example of the exponential increase in malicious activity over the Internet and how it affects the daily use of the web. In this paper, we try to address the problem caused by drive-by downloads from different standpoints. We provide in-depth understanding of the difficulties in dealing with drive-by downloads and suggest appropriate solutions. We propose machine learning and feature selection solutions to remedy the drive-by download problem. Experimental results reported 98.2% precision, 98.2% F-Measure and 97.2% ROC area.

show abstract

Potential Risk Analysis Method for Malware Distribution Networks

Kim

2019

IEEE Access

View full text Add to dashboard Cite

In this study, the structural characteristics of malware distribution networks (MDNs) were examined and the network centrality of the relationships between websites containing malware, infection sites, intermediate connection sites, and initial connection sites were analyzed. The core malware sites within MDNs that contribute to the success of cyberattacks were identified, and the overall risk of the MDNs, which changes dynamically, was examined quantitatively to predict additional attacks. As such, real-time security events occurring in the information security systems of target organizations were collected and analyzed, and different types of security intelligence were assessed to recreate various MDNs. In addition, the risk levels of malicious URLs, IPs, etc. in MDNs were analyzed continuously over time, and a model suitable for predicting potential attack times was developed. The developed model identified the characteristics of potential future cyberattacks based on the analyzed initial MDN risk level, as well as the connectivity of and malware associated with the MDN, which change over time, thereby maintaining an average prediction accuracy of 94.9% over one week.

show abstract

Detecting and Preventing Drive-By Download Attack via Participative Monitoring of the Web

Cited by 5 publications

References 5 publications

An Approach to Detect Drive-By Download by Observing the Web Page Transition Behaviors

An Approach to Detect Drive-By Download by Observing the Web Page Transition Behaviors

Detection and Analysis of Drive-by Downloads and Malicious Websites

Potential Risk Analysis Method for Malware Distribution Networks

Contact Info

Product

Resources

About