detecting malicious websites by learning ip address features

《detecting malicious websites by learning ip address features》由会员上传分享，免费在线阅读，更多相关内容在工程资料-天天文库。

1、2012IEEE/IPSJ12thInternationalSymposiumonApplicationsandtheInternetDetectingMaliciousWebsitesbyLearningIPAddressFeaturesDaikiChiba∗,KazuhiroTobe∗,TatsuyaMori†andShigekiGoto∗∗DepartmentofComputerScienceandEngineering,WasedaUniversity3-4-1Okubo,Shinjuku-ku,Tokyo169-8555JAP

2、ANEmail:{chiba,tobe,goto}@goto.info.waseda.ac.jp†NTTServiceIntegrationLaboratories,NTTCorporation3-9-11Midori-cho,Musashino-shi,Tokyo180-8585JAPANEmail:mori.tatsuya@lab.ntt.co.jpAbstract—Web-basedmalwareattackshavebecomeoneof themostseriousthreatsthatnee

3、dtobeaddressedurgently.Severalapproachesthathaveattractedattentionaspromising waysofdetectingsuchmalwareincludeemployingvariousblacklists.However,theseconventionalapproachesoftenfailtodetectnewattack

4、sowingtotheversatilityofmaliciouswebsites.Thus,itisdifficulttomaintainup-to-dateblack- listswithinformationregardingnewmaliciouswebsites.To     tacklethisproblem,weproposeanewmethodfordetecting maliciouswebsi

5、tesusingthecharacteristicsofIPaddresses. OurapproachleveragestheempiricalobservationthatIP ! addressesaremorestablethanothermetricssuchasURLandDNS.WhilethestringsthatformURLsordomainnamesareFigure1.ProcedureofaDrive-by-DownloadAttack.hi

6、ghlyvariable,IPaddressesarelessvariable,i.e.,IPv4addressspaceismappedonto4-bytesstrings.Wedevelopalightweightandscalabledetectionschemebasedonthemachinelearningtechnique.Theaimofthisstudyisnottoprovideasinglecertainwebsites.Fig.1illustratestheprocedureofatypicalsolutiont

7、hateffectivelydetectsweb-basedmalwarebuttodrive-by-downloadattack.Whenabrowseraccessesacom-developatechniquethatcompensatesthedrawbacksofexistingapproaches.Wevalidatetheeffectivenessofourapproachbypromisedlandingsite,theHTTPconnectionisredirectedtousingrealIPaddressdataf

8、romexistingblacklistsandrealahoppingsite.Ahoppingsiteisawebsitethatcontainsatrafficdataonacampusnetwork.