Source: Computer & Security, Vol. 77, No. 1, pp , Aug

Presentation transcript:

Malicious URL Protection based on Attackers’ Habitual Behavioral Analysis
Source: Computer & Security, Vol. 77, No. 1, pp. 790-806, Aug. 2018.
Author: Sungjin Kim, Jinkook Kim, and Brent ByungHoon Kang
Speaker: Ren-Kai Yang
Date: 2019/02/14

Outline
Introduction
Related works
Proposed scheme
Performance evaluation
Conclusions

Introduction(1/3)
www.youtub.com
www.facebookc.om
Which one is the real Google site?
1. www.google.com
2. www.googIe.com
3. www.goog1e.com
Malicious URL (Uniform Resource Locator)
Injected URL (a new page created on the website)
Content
Code (JavaScript injected into the HTML to redirect your site's visitors to a pre-built malicious website)

Introduction(2/3) Phishing email

Introduction(3/3) Source: https://blog.darkthread.net/blog/iframe-clickjacking/

Related works(1/4) Web-filtering

Related works(2/4) WHOIS

Related works(3/4) Alexa 101-1000

Related works(4/4)
Feature-based
URL: 140.134.131.145/discussion/Query.php
URL parts: Hostname, Pathname, Filename

Proposed scheme(1/4) Fuzzy-based similarity matching

Proposed scheme(2/4)
Feature extraction and grouping
204-222 (39%), 50-70 (19%), 110-121 (17%), 173-175 (10%)
Training: Optimizing URLs to three malicious pools
1. Domain pool
2. Path pool
3. Filename pool
Classifier: Based on similarity matching
URL parts: Domain, Pathname, Filename
211.24.196.113/images/index.html
110.34.196.114/PEG/ad/index1.html
110.34.196.115/PEG/js/index.php

Proposed scheme(3/4)
Similarity measure and modeling
Input URL: 110.34.196.113/PEG/js/index2.html
Parsing (a parsed URL):
1. Domain string
2. Path string
3. Filename string
Fuzzing
Classifier
Result
Output: New URLs (Malicious & Benign)
Levenshtein distance
Domain | Pathname | Filename
211.24.196.113 | images | index.html
110.34.196.114 | PEG/js | index1.html
110.34.196.115 | PEG/ad | index.php

Proposed scheme(4/4)
Similarity measure and modeling (cont.)
Malicious or Benign? 110.34.196.220/PEG/jslab/index2.html
* Threshold = 0.9
* Levenshtein distance = 7 (0.93)
Domain pool entry | Compared string (score)
211.24.196.113 | 110.34.196.113 (0.45)
110.34.196.114 | 110.34.196.113 (0.72)
110.34.196.115 | 110.34.196.113 (0.72)
Pathname pool entry | Compared string (score)
images | PEG/jslab (0)
PEG/js | PEG/jslab (0.66)
PEG/ad | PEG/jslab (0.55)
Filename pool entry | Compared string (score)
index.html | index2.html (0.9)
index1.html | index2.html (0.9)
index.php | index2.html (0.54)
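The parse-and-match step from the two slides above, as an added example that is not code from the paper or the presentation. The score 1 - distance / max(length), truncated to two decimals, is an assumption: it reproduces the slide's PEG/js, PEG/ad and filename scores, but not its domain scores or the 0 shown for images. The function names are hypothetical.

```python
# Added example: pools copied from the slide's table; the scoring formula is an assumption.
DOMAIN_POOL = ["211.24.196.113", "110.34.196.114", "110.34.196.115"]
PATH_POOL = ["images", "PEG/js", "PEG/ad"]
FILENAME_POOL = ["index.html", "index1.html", "index.php"]
THRESHOLD = 0.9  # threshold stated on the slide


def parse_url(url):
    """Split a URL into (domain, path, filename) strings."""
    url = url.split("://", 1)[-1]  # drop an optional scheme
    domain, _, rest = url.partition("/")
    path, _, filename = rest.rpartition("/")
    return domain, path, filename


def levenshtein(a, b):
    """Dynamic-programming edit distance (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def similarity(a, b):
    """Assumed score: 1 - distance / max(length), truncated to two decimals."""
    longest = max(len(a), len(b))
    if longest == 0:
        return 1.0
    return (longest - levenshtein(a, b)) * 100 // longest / 100


def score_against(value, pool):
    """Score one parsed string against every entry of a malicious pool."""
    return {entry: similarity(value, entry) for entry in pool}


def features_at_threshold(url):
    """Names of the URL parts whose best pool match reaches THRESHOLD."""
    pools = zip(("domain", "path", "filename"), parse_url(url),
                (DOMAIN_POOL, PATH_POOL, FILENAME_POOL))
    return [name for name, value, pool in pools
            if max(score_against(value, pool).values()) >= THRESHOLD]


if __name__ == "__main__":
    url = "110.34.196.220/PEG/jslab/index2.html"  # URL from the slide
    print(parse_url(url), features_at_threshold(url))
```

How the per-feature results combine into a final malicious or benign verdict is not stated on the page, so the example only reports which features reach the threshold.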

Performance evaluation(1/3) The average of the similarity probability ratio related to three finite feature sets.

Performance evaluation(2/3) Variation in detection rate according to manipulation of FW threshold. (Figure labels: Same, Different)

Performance evaluation(3/3)
Performance results
Class | Test | Fuzzy
Benign | 573 | 6.885s
Malicious | 1301 | 56.083s
Total | 1874 | 62.968s

Conclusions Behaviors

Training: Optimizing URLs to three malicious pools
1. Domain pool
2. Path pool
3. Filename pool
Classifier: Based on similarity matching
Dataset selection
Feature extraction
Malicious URLs
Distribution URLs
Test Step
Input URL
Parsing (a parsed URL):
1. Domain string
2. Path string
3. Filename string
Fuzzing
Classifier
Result
Output: New URLs (Malicious & Benign)