Countermeasure against Drive by Download Attack by Analyzing Domain Information
Proceeding: The Third International Conference on Digital Security and Forensics (DigitalSec2016)
Publication Date: 2016-09-06
Authors: Tadashi Kimura; Ryoichi Sasaki
Page: 61-67
Keywords: Drive by Download; WHOIS; Support Vector Machine; Akaike's Information Criterion
In recent years, malware infections caused by Drive by Download (DbD) attacks, which are carried out through cooperating malicious web sites, have caused serious damage. The blacklist method is the typical current countermeasure: when the user's PC is redirected to a web site registered on a blacklist, access to it is blocked. However, an attacker can set up new malicious web sites one after another, and it is impossible to add these sites to the blacklist immediately. As a result, this method offers little protection against newly created malicious web sites. To address this issue, we propose a method that uses a support vector machine (SVM) together with the data in the domain name system (DNS) to identify the domains used in DbD attacks. An experiment with this method showed a detection rate of 92.75%.