2012 IEEE/IPSJ 12th International Symposium on Applications and the Internet

Detecting Malicious Websites by Learning IP Address Features

Daiki Chiba∗, Kazuhiro Tobe∗, Tatsuya Mori† and Shigeki Goto∗

∗Department of Computer Science and Engineering, Waseda University
3-4-1 Okubo, Shinjuku-ku, Tokyo 169-8555 JAPAN
Email: {chiba,tobe,goto}@goto.info.waseda.ac.jp

†NTT Service Integration Laboratories, NTT Corporation
3-9-11 Midori-cho, Musashino-shi, Tokyo 180-8585 JAPAN
Email: mori.tatsuya@lab.ntt.co.jp

Abstract—Web-based malware attacks have become one of the most serious threats that need to be addressed urgently. Several approaches that have attracted attention as promising ways of detecting such malware include employing various blacklists. However, these conventional approaches often fail to detect new attacks owing to the versatility of malicious websites. Thus, it is difficult to maintain up-to-date blacklists with information regarding new malicious websites. To tackle this problem, we propose a new method for detecting malicious websites using the characteristics of IP addresses. Our approach leverages the empirical observation that IP addresses are more stable than other metrics such as URL and DNS. While the strings that form URLs or domain names are highly variable, IP addresses are less variable, i.e., IPv4 address space is mapped onto 4-byte strings. We develop a lightweight and scalable detection scheme based on the machine learning technique. The aim of this study is not to provide a single solution that effectively detects web-based malware but to develop a technique that compensates for the drawbacks of existing approaches. We validate the effectiveness of our approach by using real IP address data from existing blacklists and real traffic data on a campus network.

Figure 1. Procedure of a Drive-by-Download Attack.

certain websites. Fig. 1 illustrates the procedure of a typical drive-by-download attack. When a browser accesses a compromised landing site, the HTTP connection is redirected to a hopping site. A hopping site is a website that contains a
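The following is an added illustration of the abstract's idea, not code from the paper or its authors: each IPv4 address is mapped onto its 4-byte string, and an unseen address is labelled by the training addresses that share its longest bit prefix, next to an exact-match blacklist lookup for comparison. The prefix-based nearest-neighbour rule, the function names and the sample addresses (RFC 5737 documentation ranges) are assumptions made here; this excerpt does not say which features or learning algorithm the paper uses.

```python
import ipaddress

# Constructed training data (RFC 5737 documentation ranges), not from the paper.
# Label 1 = address taken from a blacklist, 0 = address seen in benign traffic.
TRAINING = [
    ("203.0.113.10", 1), ("203.0.113.25", 1), ("203.0.113.200", 1),
    ("198.51.100.4", 0), ("198.51.100.130", 0), ("192.0.2.55", 0),
]

def to_bytes(ip):
    """Map a dotted-quad IPv4 address onto its 4-byte string."""
    return ipaddress.IPv4Address(ip).packed

def shared_prefix_bits(a, b):
    """Number of leading bits two 4-byte addresses have in common (0..32)."""
    diff = int.from_bytes(a, "big") ^ int.from_bytes(b, "big")
    return 32 - diff.bit_length()

def fit(samples):
    """Nearest-neighbour 'training' is storing the encoded, labelled samples."""
    return [(to_bytes(ip), label) for ip, label in samples]

def predict(model, ip, k=3):
    """Majority label of the k training addresses sharing the longest prefix."""
    q = to_bytes(ip)
    ranked = sorted(model, key=lambda s: shared_prefix_bits(q, s[0]), reverse=True)
    votes = [label for _, label in ranked[:k]]
    return 1 if sum(votes) * 2 > len(votes) else 0

def blacklist_hit(samples, ip):
    """Exact-match blacklist lookup, the conventional approach, for comparison."""
    return any(ip == bad for bad, label in samples if label == 1)

if __name__ == "__main__":
    model = fit(TRAINING)
    for ip in ("203.0.113.77", "198.51.100.77", "192.0.2.1"):
        print(ip, "blacklist:", blacklist_hit(TRAINING, ip),
              "learned:", predict(model, ip))
```

The address 203.0.113.77 is not in the blacklist, so the exact-match lookup misses it, while the prefix-based classifier flags it because its nearest labelled neighbours are all blacklisted.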