Classification of Exploit-Kit behaviors via machine learning approach
© 2018 Global IT Research Institute (GiRI). An Exploit-Kit (EK) is the cyber attacking tool which targets in finding vulnerabilities appeared on a web browser instance such as web-plugins, add-on instances usually installed in a web browser. Such instances may send some suitable malware payload thro...
Saved in:
| Main Authors: | , |
|---|---|
| Other Authors: | |
| Format: | Conference or Workshop Item |
| Published: |
2019
|
| Subjects: | |
| Online Access: | https://repository.li.mahidol.ac.th/handle/123456789/45816 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Mahidol University |
| id |
th-mahidol.45816 |
|---|---|
| record_format |
dspace |
| spelling |
th-mahidol.458162019-08-23T18:08:06Z Classification of Exploit-Kit behaviors via machine learning approach Sukritta Harnmetta Sudsanguan Ngamsuriyaroj Mahidol University Engineering © 2018 Global IT Research Institute (GiRI). An Exploit-Kit (EK) is the cyber attacking tool which targets in finding vulnerabilities appeared on a web browser instance such as web-plugins, add-on instances usually installed in a web browser. Such instances may send some suitable malware payload through the vulnerabilities they found. This kind of such cyber-attack is known as the drive-by-download attack where malware downloading do not require any interaction from users. In addition, EK can do self-protection by imitating a benign website or responding to end-users with HTTP 404 error code whenever it encountered an unsupported target web browser. As a result, detecting EK requires a lot of effort. However, when an EK launches an attack, there are some patterns of interactions between a host and a victim. In this work, we obtain a set of data from www.malware-traffic-analysis.net and analyze those interactions in order to identify a set of features. We use such features to build a model for classifying interaction patterns of each EK type. Our experiments show that, with 5,743 network flows and 45 features, our model using Decision tree approach can classify EK traffic and EK type with accuracy of 97.74% and 97.11% respectively. In conclusion, our proposed work can help detect the behavior of EK with high accuracy. 2019-08-23T11:08:06Z 2019-08-23T11:08:06Z 2018-03-23 Conference Paper International Conference on Advanced Communication Technology, ICACT. Vol.2018-February, (2018), 468-473 10.23919/ICACT.2018.8323798 17389445 2-s2.0-85046744146 https://repository.li.mahidol.ac.th/handle/123456789/45816 Mahidol University SCOPUS https://www.scopus.com/inward/record.uri?partnerID=HzOxMe3b&scp=85046744146&origin=inward |
| institution |
Mahidol University |
| building |
Mahidol University Library |
| continent |
Asia |
| country |
Thailand Thailand |
| content_provider |
Mahidol University Library |
| collection |
Mahidol University Institutional Repository |
| topic |
Engineering |
| spellingShingle |
Engineering Sukritta Harnmetta Sudsanguan Ngamsuriyaroj Classification of Exploit-Kit behaviors via machine learning approach |
| description |
© 2018 Global IT Research Institute (GiRI). An Exploit-Kit (EK) is the cyber attacking tool which targets in finding vulnerabilities appeared on a web browser instance such as web-plugins, add-on instances usually installed in a web browser. Such instances may send some suitable malware payload through the vulnerabilities they found. This kind of such cyber-attack is known as the drive-by-download attack where malware downloading do not require any interaction from users. In addition, EK can do self-protection by imitating a benign website or responding to end-users with HTTP 404 error code whenever it encountered an unsupported target web browser. As a result, detecting EK requires a lot of effort. However, when an EK launches an attack, there are some patterns of interactions between a host and a victim. In this work, we obtain a set of data from www.malware-traffic-analysis.net and analyze those interactions in order to identify a set of features. We use such features to build a model for classifying interaction patterns of each EK type. Our experiments show that, with 5,743 network flows and 45 features, our model using Decision tree approach can classify EK traffic and EK type with accuracy of 97.74% and 97.11% respectively. In conclusion, our proposed work can help detect the behavior of EK with high accuracy. |
| author2 |
Mahidol University |
| author_facet |
Mahidol University Sukritta Harnmetta Sudsanguan Ngamsuriyaroj |
| format |
Conference or Workshop Item |
| author |
Sukritta Harnmetta Sudsanguan Ngamsuriyaroj |
| author_sort |
Sukritta Harnmetta |
| title |
Classification of Exploit-Kit behaviors via machine learning approach |
| title_short |
Classification of Exploit-Kit behaviors via machine learning approach |
| title_full |
Classification of Exploit-Kit behaviors via machine learning approach |
| title_fullStr |
Classification of Exploit-Kit behaviors via machine learning approach |
| title_full_unstemmed |
Classification of Exploit-Kit behaviors via machine learning approach |
| title_sort |
classification of exploit-kit behaviors via machine learning approach |
| publishDate |
2019 |
| url |
https://repository.li.mahidol.ac.th/handle/123456789/45816 |
| _version_ |
1763490878271258624 |