Abstract
Drive-by download attacks have become the primary vehicle for malware distribution in recent years. One existing approach to detecting drive-by download attacks is static analysis. However, static detection methods are vulnerable to sophisticated obfuscation and cloaking. Dynamic detection methods have been proposed to overcome the shortcomings of static analysis and achieve a higher detection rate, but dynamic anomaly detection is typically resource intensive and introduces high time overhead. To improve the performance of dynamic detection, we designed SafeBrowsingCloud, a system built on Apache S4, a distributed computing platform, and deployed at the edge router. SafeBrowsingCloud analyzes network traffic, executes web pages in Firefox with a modified JavaScript engine, extracts JavaScript strings, and applies three shellcode detection methods to those strings in order to identify malicious web pages. Experimental results show that the proposed system remains efficient under high-speed network traffic.
© 2014 Springer International Publishing Switzerland
Zhang, H., Zuo, C., Guo, S., Cui, L., Chen, J. (2014). SafeBrowsingCloud: Detecting Drive-by-Downloads Attack Using Cloud Computing Environment. In: Hsu, R.CH., Wang, S. (eds) Internet of Vehicles – Technologies and Services. IOV 2014. Lecture Notes in Computer Science, vol 8662. Springer, Cham. https://doi.org/10.1007/978-3-319-11167-4_29
DOI: https://doi.org/10.1007/978-3-319-11167-4_29
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-11166-7
Online ISBN: 978-3-319-11167-4