Hence, fast detection of malicious URLs is useful, because the URLs can then be distributed to blacklists maintained by various security systems. Malicious URLs that activate drive-by downloads are a popular form of exploitation and malware delivery. Thus, detecting websites that propagate malware and developing techniques to neutralize them is crucial. More recent types of malware, such as ransomware, in conjunction with exploit toolkits, have evolved to become more complex, automated, and impossible to decrypt. Therefore, the concealment of malware on webpages is one of the most dangerous types of cyberattack, and poses a significant threat to the integrity of critical systems. In this Web architecture, one malicious webpage can contaminate several thousand user PCs in minutes. Introduction Since the initial development of Web browsers, there have been a growing number of attempts to infect online systems by transmitting malware through browsers. Most importantly, WebMon’s focus on extracting malicious paths in a domain is a novel approach that has not been explored in previous studies.ġ. In this configuration, the proposed model yields a detection rate of 98%, and is 7.6 times faster (with a container) than previously proposed models. WebMon detects a variety of attacks by running 250 containers simultaneously. WebMon effectively detects hidden exploit codes by tracing linked URLs to confirm whether the relevant websites are malicious.
In response to this threat, we present an automated, low-interaction malicious webpage detector, WebMon, that identifies invasive roots in Web resources loaded from WebKit2-based browsers using machine learning and YARA signatures. Their attempts to infect target systems via the Web have increased with time and are unlikely to abate.
Graduate School of Information Security, School of Computing, Korea Advanced Institute of Science and Technology (KAIST), Daejeon, Republic of Korea NCSOFT JAPAN K.K., Tokyo, Japan, 106-0032 c Information Sharing and Analysis Center, SGA Systems, Seoul, Republic of Korea d Department of Computer Science, Kyonggi University, Kyonggido, Republic of Korea bĪrticle history: Received Revised 13 February 2018 Accepted 11 March 2018 Available online 14 March 2018 Keywords: Docker Machine learning Malicious URL WebKit2 YARAĪ b s t r a c t Attackers use the openness of the Internet to facilitate the dissemination of malware. Contents lists available at ScienceDirectĬomputer Networks journal homepage: WebMon: ML- and YARA-based malicious webpage detection Sungjin Kim a, Jinkook Kim b, Seokwoo Nam c, Dohoon Kim d,∗ a
0 kommentar(er)
