Countermeasure against Drive by Download Attack by Analyzing Domain Information
Proceeding: The Third International Conference on Digital Security and Forensics (DigitalSec2016)
Publication Date: 2016-09-06
Authors: Tadashi Kimura; Ryoichi Sasaki
Page : 61-67
Keywords: Drive by Download; WHOIS; Support Vector Machine; Akaike's Information Criterion
Abstract
In recent years, malware infections caused by Drive by Download (DbD) attacks, which are carried out through cooperating malicious web sites, have caused serious damage. The typical current countermeasure is the blacklist method: when the user's PC is redirected, access is blocked if the destination web site is registered on a blacklist. However, an attacker can set up new malicious web sites one after another, and a newly created site cannot be added to the blacklist immediately, so this method copes poorly with new malicious web sites. To address this issue, we propose a method that applies a support vector machine (SVM) to domain information obtained from the domain name system (DNS) in order to identify the domains used in DbD attacks. An experiment showed a detection rate of 92.75%.
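The following is an added example, not code from the paper: a linear SVM trained on per-domain features and used to flag unseen domains, which is the shape of the method the abstract describes. Every specific in it is an assumption made for illustration. The page's keywords list WHOIS alongside DNS, so the example takes two features from WHOIS dates (creation and expiry) and three from a DNS answer (NS count, A count, minimum TTL); which fields the paper actually used, how it selected them, and its data set are not given on this page. The observation date, the twelve labelled training records and the probe domains are constructed here (all under the reserved `.example` TLD). The SVM is the Pegasos sub-gradient solver written out in plain Python so the block runs without scikit-learn.

```python
# Added example (not the paper's code). Feature set, observation date,
# records and labels are all constructed assumptions for illustration.
from __future__ import annotations

import math
import random
from dataclasses import dataclass
from datetime import date


@dataclass
class DomainRecord:
    domain: str
    created: date     # WHOIS creation date (assumed field)
    expires: date     # WHOIS expiry date (assumed field)
    ns_count: int     # number of NS records in the DNS answer
    a_count: int      # number of A records in the DNS answer
    min_ttl: int      # smallest TTL, in seconds, seen in the answer


OBSERVED_ON = date(2016, 6, 1)   # assumed date the lookups were made


def extract_features(rec: DomainRecord) -> list[float]:
    """Map one record to a numeric feature vector (assumed feature set)."""
    age_days = max((OBSERVED_ON - rec.created).days, 0)
    reg_years = (rec.expires - rec.created).days / 365.0
    return [
        math.log1p(age_days),      # throwaway domains are very young
        reg_years,                 # and registered for the shortest term
        float(rec.ns_count),
        float(rec.a_count),        # many A records suggests host churn
        math.log1p(rec.min_ttl),   # low TTLs make host rotation cheap
    ]


class DomainSVM:
    """Linear SVM trained with the Pegasos sub-gradient method (hinge + L2)."""

    def __init__(self, lam: float = 0.01, epochs: int = 500, seed: int = 7):
        self.lam, self.epochs, self.seed = lam, epochs, seed
        self.w, self.means, self.stds = [], [], []

    def _vector(self, rec: DomainRecord) -> list[float]:
        """Z-score the raw features and append a constant 1 that carries the bias."""
        raw = extract_features(rec)
        return [(v - m) / s for v, m, s in zip(raw, self.means, self.stds)] + [1.0]

    def fit(self, records: list[DomainRecord], labels: list[bool]) -> "DomainSVM":
        rows = [extract_features(r) for r in records]
        n, d = len(rows), len(rows[0])
        self.means = [sum(r[j] for r in rows) / n for j in range(d)]
        self.stds = [math.sqrt(sum((r[j] - self.means[j]) ** 2 for r in rows) / n) or 1.0
                     for j in range(d)]
        X = [self._vector(r) for r in records]
        y = [1 if lab else -1 for lab in labels]
        self.w = [0.0] * (d + 1)
        rng, order, t = random.Random(self.seed), list(range(n)), 0
        for _ in range(self.epochs):
            rng.shuffle(order)
            for i in order:
                t += 1
                eta = 1.0 / (self.lam * t)
                margin = y[i] * sum(wj * xj for wj, xj in zip(self.w, X[i]))
                self.w = [(1 - eta * self.lam) * wj for wj in self.w]      # L2 shrink
                if margin < 1:                                              # hinge active
                    self.w = [wj + eta * y[i] * xj for wj, xj in zip(self.w, X[i])]
        return self

    def decision(self, rec: DomainRecord) -> float:
        return sum(wj * xj for wj, xj in zip(self.w, self._vector(rec)))

    def is_malicious(self, rec: DomainRecord) -> bool:
        return self.decision(rec) > 0.0


def detection_rate(clf: DomainSVM, records, labels) -> float:
    """Share of malicious records flagged: the metric the abstract reports."""
    hits = [clf.is_malicious(r) for r, lab in zip(records, labels) if lab]
    return sum(hits) / len(hits)


def false_positive_rate(clf: DomainSVM, records, labels) -> float:
    """Share of benign records wrongly flagged: the cost detection rate alone hides."""
    hits = [clf.is_malicious(r) for r, lab in zip(records, labels) if not lab]
    return sum(hits) / len(hits)


def make_record(domain, created, expires, ns, a, ttl) -> DomainRecord:
    return DomainRecord(domain, date(*created), date(*expires), ns, a, ttl)


# Constructed training set: six DbD-style domains (young, one-year term,
# many A records, low TTL) and six long-lived benign ones.
TRAIN = [
    make_record("dbd-1.example", (2016, 5, 20), (2017, 5, 20), 2, 6, 300),
    make_record("dbd-2.example", (2016, 5, 25), (2017, 5, 25), 2, 8, 120),
    make_record("dbd-3.example", (2016, 4, 30), (2017, 4, 30), 3, 5, 300),
    make_record("dbd-4.example", (2016, 5, 28), (2017, 5, 28), 2, 10, 60),
    make_record("dbd-5.example", (2016, 5, 10), (2017, 5, 10), 2, 7, 180),
    make_record("dbd-6.example", (2016, 5, 15), (2017, 5, 15), 4, 6, 300),
    make_record("shop-1.example", (2005, 3, 12), (2020, 3, 12), 4, 1, 86400),
    make_record("blog-2.example", (2010, 8, 1), (2018, 8, 1), 2, 2, 3600),
    make_record("univ-3.example", (1998, 11, 20), (2025, 11, 20), 6, 1, 43200),
    make_record("news-4.example", (2012, 2, 14), (2019, 2, 14), 2, 1, 3600),
    make_record("bank-5.example", (2008, 6, 30), (2021, 6, 30), 3, 2, 14400),
    make_record("corp-6.example", (2003, 1, 5), (2023, 1, 5), 4, 1, 86400),
]
LABELS = [True] * 6 + [False] * 6
CLASSIFIER = DomainSVM().fit(TRAIN, LABELS)

if __name__ == "__main__":
    print(f"training detection rate: {detection_rate(CLASSIFIER, TRAIN, LABELS):.2%}")
    probe = make_record("fresh-payload.example", (2016, 5, 29), (2017, 5, 29), 2, 9, 60)
    print(probe.domain, "->", "malicious" if CLASSIFIER.is_malicious(probe) else "benign")
```

Two points a practitioner should carry over to a real deployment of this idea. First, the features are z-scored before training because a margin-based learner weights raw columns by their scale, and a TTL in seconds would otherwise swamp a registration age in years. Second, the detection rate measured on the training set, as in the `__main__` block, is optimistic; a figure comparable to the 92.75% in the abstract has to come from domains the model did not see during training, and it should always be read together with the false-positive rate, since a blacklist replacement that blocks legitimate sites is not an improvement.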