Detection and analysis of web-based malware and vulnerability

Wang, Junjie

doi:10.32657/10220/47659

Cited by 3 publications

(3 citation statements)

References 51 publications

(87 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…11 Attacker is capturing every activity of the victim on his/her machine on watching in real time the typed characters and taking note of the inserted password is not possible. However, a simple workaround is the installation of a keylogger on the attacker browser (a Chrome add-on in the test here described [32]). By that, anything the victim types (passwords, PINs, etc.)…”

Section: Bitm Experimental Resultsmentioning

confidence: 99%

“…-BitM client-side: in this case the attacker may insert malicious JavaScript code or web-based malware [32] in the web page served to the victim (the end user). By such an approach, for example, an attack might be arranged along the lines of the Man-in-the-Browser (MitB) attack described in the "Related Work" section: the victim might be lead to download all kinds of malware to be installed in the web browser or, more simply, to deceptively use a Browser Exploitation Framework (BeeF) [33,34].…”

Section: Possible Bitm Attacksmentioning

confidence: 99%

See 1 more Smart Citation

Browser-in-the-Middle (BitM) attack

Tommasi

Catalano

Taurino

2021

Int. J. Inf. Secur.

View full text Add to dashboard Cite

Man-in-the-Middle (MitM), one of the best known attacks in the world of computer security, is among the greatest concerns for professionals in the field. Main goal of MitM is to compromise confidentiality, integrity and availability of data flowing between source and destination. However, most of its many variants involve difficulties that make it not always possible. The present paper aims at modelling and describing a new method of attack, named Browser-in-the-Middle (BitM) which, despite the similarities with MitM in the way it controls the data flow between a client and the service it accesses, bypasses some of MitM’s typical shortcomings. It could be started by phishing techniques and in some cases coupled to the well-known Man-in-the-Browser (MitB) attack. It will be seen how BitM expands the range of the possible attacker’s actions, at the same time making them easier to implement. Among its features, the absence of the need to install malware of any kind on the victim’s machine and the total control it allows the attacker are to be emphasized.

show abstract

Section: Bitm Experimental Resultsmentioning

confidence: 99%

Section: Possible Bitm Attacksmentioning

confidence: 99%

Browser-in-the-Middle (BitM) attack

Tommasi

Catalano

Taurino

2021

Int. J. Inf. Secur.

View full text Add to dashboard Cite

show abstract

“…A report from Dasient, and cited by Chang et al (2013), suggests that the number of malware delivering websites doubled between 2009 and 2010. "There were 3.424 billion people using the Internet by July 2018" (Wang, 2018). Carrying out activities on an infected website is a sufficient pathway for an attacker to take advantage of the weakness of a browser.…”

Section: Introductionmentioning

confidence: 99%

EEMDS: Efficient and Effective Malware Detection System with Hybrid Model based on XceptionCNN and LightGBM Algorithm

Onoja

Jegede

Blamah

et al. 2022

JCSI

View full text Add to dashboard Cite

The security threats posed by malware make it imperative to build a model for efficient and effective classification of malware based on its family, irrespective of the variant. Preliminary experiments carried out demonstrate the suitability of the generic LightGBM algorithm for Windows malware as well as its effectiveness and efficiency in terms of detection accuracy, training accuracy, prediction time and training time. The prediction time of the generic LightGBM is 0.08s for binary class and 0.40s for multi-class on the Malimg dataset. The classification accuracy of the generic LightGBM is 99% True Positive Rate (TPR). Its training accuracy is 99.80% for binary class and 96.87% for multi-class, while the training time is 179.51s and 2224.77s for binary and multi classification respectively. The performance of the generic LightGBM leaves room for improvement, hence, the need to improve the classification accuracy and training accuracy of the model for effective decision making and to reduce the prediction time and training time for efficiency. It is also imperative to improve the performance and accuracy for effectiveness on larger samples. The goal is to enhance the detection accuracy and reduce the prediction time. The reduction in prediction time provides early detection of malware before it damages files stored in computer systems. Performance evaluation based on Malimg dataset demonstrates the effectiveness and efficiency of the hybrid model. The proposed model is a hybrid model which integrates XceptionCNN with LightGBM algorithm for Windows Malware classification on google colab environment. It uses the Malimg malware dataset which is a benchmark dataset for Windows malware image classification. It contains 9,339 Malware samples, structured as grayscale images, consisting of 25 families and 1,042 Windows benign executable files extracted from Windows environments. The proposed XceptionCNN-LightGBM technique provides improved classification accuracy of 100% TPR, with an overall reduction in the prediction time of 0.08s and 0.37s for binary and multi-class respectively. These are lower than the prediction time for the generic LightGBM which is 0.08s for binary class and 0.40s for multi-class, with an improved 100% classification accuracy. The training accuracy increased to 99.85% for binary classification and 97.40% for multi classification, with reduction in the training time of 29.97s for binary classification and 447.75s for multi classification. These are also lower than the training times for the generic LightGBM model, which are 179.51s and 2224.77s for the binary and multi classification respectively. This significant reduction in the training time makes it possible for the model to converge quickly and train a large sum of data within a relatively short period of time. Overall, the reduction in detection time and improvement in detection accuracy will minimize damages to files stored in computer systems in the event of malware attack.

show abstract