
Countermeasure against Drive by Download Attack by Analyzing Domain Information

Proceedings: The Third International Conference on Digital Security and Forensics (DigitalSec2016)

Publication Date:

Authors:

Pages: 61-67

Keywords: Drive by Download; WHOIS; Support Vector Machine; Akaike's Information Criterion

Abstract

In recent years, malware infections caused by Drive by Download (DbD) attacks, which are carried out with the cooperation of malicious web sites, have caused serious damage. The blacklist method is the current typical countermeasure: it blocks access to a malicious web site registered on a blacklist when the user's PC is redirected to it. However, an attacker can set up new malicious web sites one after another, and it is impossible to add them to the blacklist immediately, so this method is weak against newly established malicious web sites. To cope with this issue, we propose a method that uses a support vector machine (SVM) together with data from the domain name system (DNS) to identify the domains used in DbD attacks. An experiment showed a detection rate of 92.75%.

Last modified: 2016-09-11 23:54:01