REdiREKT: Extracting Malicious Redirections from Exploit Kit Traffic

Authors: Jonah Burgess, Domhnall Carlin, Philip O'Kane, Sakir Sezer

DOI: 10.1109/CNS48642.2020.9162304

Keywords:

Abstract: This paper proposes REdiREKT, a system which utilises the open-source Zeek Intrusion Detection System (IDS) to map HTTP redirection chains observed in Exploit Kit (EK) attacks and extracts distinguishing features to assist machine learning (ML). We build a ground-truth dataset of EK samples, ensuring that the extracted chains for every sample are accurate and reusable in future experiments. By processing a unique combination of 9 techniques, REdiREKT was able to correctly extract 96.52% of malicious domains from 1279 EK samples spanning 28 EK families and 8 campaigns, and only failed on 0.7% of chains. Using the VirusTotal API to filter out domains flagged as malicious, we processed benign Alexa top 10k websites, extracting 12,783 chains and 5910 domains. The data is divided into yearly and family-based categories and the results are compared. Based on our analysis of the collected data, we store 48 key features of websites within chains which could aid ML-based detection efforts. Finally, we evaluate the performance of REdiREKT, compare it with existing research, and suggest use-cases and areas for future work.

References (26)
Giancarlo De Maio, Alexandros Kapravelos, Yan Shoshitaishvili, Christopher Kruegel, Giovanni Vigna, "PExy: The Other Side of Exploit Kits", International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, pp. 132-151, 2014, DOI: 10.1007/978-3-319-08509-8_8
Yuta Takata, Mitsuaki Akiyama, Takeshi Yagi, Takeo Hariu, Shigeki Goto, "MineSpider: Extracting URLs from Environment-Dependent Drive-by Download Attacks", Computer Software and Applications Conference, vol. 2, pp. 444-449, 2015, DOI: 10.1109/COMPSAC.2015.76
Zhou Li, Kehuan Zhang, Yinglian Xie, Fang Yu, XiaoFeng Wang, "Knowing your enemy", Proceedings of the 2012 ACM Conference on Computer and Communications Security (CCS '12), pp. 674-686, 2012, DOI: 10.1145/2382196.2382267
Zakir Durumeric, David Adrian, Ariana Mirian, Michael Bailey, J. Alex Halderman, "A Search Engine Backed by Internet-Wide Scanning", Computer and Communications Security, pp. 542-553, 2015, DOI: 10.1145/2810103.2813703
Birhanu Eshete, V. N. Venkatakrishnan, "WebWinnow: leveraging exploit kit workflows to detect malicious urls", Conference on Data and Application Security and Privacy, pp. 305-312, 2014, DOI: 10.1145/2557547.2557575
Long Lu, Roberto Perdisci, Wenke Lee, "SURF", Proceedings of the 18th ACM Conference on Computer and Communications Security (CCS '11), pp. 467-476, 2011, DOI: 10.1145/2046707.2046762
Wei Xu, Fangfang Zhang, Sencun Zhu, "JStill", Proceedings of the Third ACM Conference on Data and Application Security and Privacy (CODASPY '13), pp. 117-128, 2013, DOI: 10.1145/2435349.2435364
Chris Grier, Andreas Pitsillidis, Niels Provos, M. Zubair Rafique, Moheeb Abu Rajab, Christian Rossow, Kurt Thomas, Vern Paxson, Stefan Savage, Geoffrey M. Voelker, Lucas Ballard, Juan Caballero, Neha Chachra, Christian J. Dietrich, Kirill Levchenko, Panayiotis Mavrommatis, Damon McCoy, Antonio Nappa, "Manufacturing compromise", Proceedings of the 2012 ACM Conference on Computer and Communications Security (CCS '12), pp. 821-832, 2012, DOI: 10.1145/2382196.2382283
Hesham Mekky, Ruben Torres, Zhi-Li Zhang, Sabyasachi Saha, Antonio Nucci, "Detecting Malicious HTTP Redirections Using Trees of User Browsing Activity", International Conference on Computer Communications, pp. 1159-1167, 2014, DOI: 10.1109/INFOCOM.2014.6848047
Gianluca Stringhini, Christopher Kruegel, Giovanni Vigna, "Shady paths: leveraging surfing crowds to detect malicious web pages", Computer and Communications Security, pp. 133-144, 2013, DOI: 10.1145/2508859.2516682