detecting malicious websites by learning ip address features

《detecting malicious websites by learning ip address features》由會(huì)員上傳分享，免費(fèi)在線閱讀，更多相關(guān)內(nèi)容在工程資料-天天文庫(kù)。

1、2012IEEE/IPSJ12thInternationalSymposiumonApplicationsandtheInternetDetectingMaliciousWebsitesbyLearningIPAddressFeaturesDaikiChiba?,KazuhiroTobe?,TatsuyaMori?andShigekiGoto??DepartmentofComputerScienceandEngineering,WasedaUniversity3-4-1Okubo,Shinjuku-ku,Tokyo169-8555JAP

2、ANEmail:{chiba,tobe,goto}@goto.info.waseda.ac.jp?NTTServiceIntegrationLaboratories,NTTCorporation3-9-11Midori-cho,Musashino-shi,Tokyo180-8585JAPANEmail:mori.tatsuya@lab.ntt.co.jpAbstract—Web-basedmalwareattackshavebecomeoneof themostseriousthreatsthatnee

3、dtobeaddressedurgently.Severalapproachesthathaveattractedattentionaspromising waysofdetectingsuchmalwareincludeemployingvariousblacklists.However,theseconventionalapproachesoftenfailtodetectnewattack

4、sowingtotheversatilityofmaliciouswebsites.Thus,itisdif?culttomaintainup-to-dateblack- listswithinformationregardingnewmaliciouswebsites.To     tacklethisproblem,weproposeanewmethodfordetecting maliciouswebsi

5、tesusingthecharacteristicsofIPaddresses. OurapproachleveragestheempiricalobservationthatIP ! addressesaremorestablethanothermetricssuchasURLandDNS.WhilethestringsthatformURLsordomainnamesareFigure1.ProcedureofaDrive-by-DownloadAttack.hi

6、ghlyvariable,IPaddressesarelessvariable,i.e.,IPv4addressspaceismappedonto4-bytesstrings.Wedevelopalightweightandscalabledetectionschemebasedonthemachinelearningtechnique.Theaimofthisstudyisnottoprovideasinglecertainwebsites.Fig.1illustratestheprocedureofatypicalsolutiont

7、hateffectivelydetectsweb-basedmalwarebuttodrive-by-downloadattack.Whenabrowseraccessesacom-developatechniquethatcompensatesthedrawbacksofexistingapproaches.Wevalidatetheeffectivenessofourapproachbypromisedlandingsite,theHTTPconnectionisredirectedtousingrealIPaddressdataf

8、romexistingblacklistsandrealahoppingsite.Ahoppingsiteisawebsitethatcontainsatraf?cdataonacampusnetwork.