2011/11/1 1 Long Lu, Wenke Lee College of Computing Georgia Inst. of Technology Roberto Perdisci Dept. of Computer Science University of Georgia.

Slides:



Advertisements
Similar presentations
TUF: Securing Software Update Systems on GENI Justin Cappos Department of Computer Science and Engineering University of Washington.
Advertisements

PhishZoo: Detecting Phishing Websites By Looking at Them
What is code injection? Code injection is the exploitation of a computer bug that is caused by processing invalid data. Code injection can be used by.
BLADE: An Attack-Agnostic Approach for Preventing Drive-By Malware Infections, L. Lu et al. BLADE: An Attack-Agnostic Approach for Preventing Drive-By.
Detecting Malicious Flux Service Networks through Passive Analysis of Recursive DNS Traces Roberto Perdisci, Igino Corona, David Dagon, Wenke Lee ACSAC.
By Hiranmayi Pai Neeraj Jain
Clickjacking Attacks and Defenses.
Understanding and Detecting Malicious Web Advertising
JShield: Towards Real-time and Vulnerability-based Detection of Polluted Drive-by Download Attacks Yinzhi Cao*, Xiang Pan**, Yan Chen** and Jianwei Zhuge***
A Crawler-based Study of Spyware on the Web Author: Alexander Moshchuk, Tanya Bragin, Steven D.Gribble, Henry M.Levy Presented At: NDSS, 2006 Prepared.
PERSISTENT DROPPING: An Efficient Control of Traffic Aggregates Hani JamjoomKang G. Shin Electrical Engineering & Computer Science UNIVERSITY OF MICHIGAN,
Cloak and Dagger. In a nutshell… Cloaking Cloaking in search engines Search engines’ response to cloaking Lifetime of cloaked search results Cloaked pages.
BotMiner Guofei Gu, Roberto Perdisci, Junjie Zhang, and Wenke Lee College of Computing, Georgia Institute of Technology.
Web Based Attacks SymantecDefense Fantastic Four Casey Ford Mike Lombardo Ragnar Olson Maninder Singh.
Fall 2007cs4251 Distributed Computing Umar Kalim Dept. of Communication Systems Engineering 31/10/2007.
Web Page Behavior IS 373—Web Standards Todd Will.
14 1 Chapter 14 Database Connectivity and Web Development Database Systems: Design, Implementation, and Management, Seventh Edition, Rob and Coronel.
Alex Crowell, Rutgers University Computer Science and Mathematics Advisor: Prof. Danfeng Yao, Computer Science Department.
What is adaptive web technology?  There is an increasingly large demand for software systems which are able to operate effectively in dynamic environments.
WEB SCIENCE: SEARCHING THE WEB. Basic Terms Search engine Software that finds information on the Internet or World Wide Web Web crawler An automated program.
COMPUTER TERMS PART 1. COOKIE A cookie is a small amount of data generated by a website and saved by your web browser. Its purpose is to remember information.
Norman SecureSurf Protect your users when surfing the Internet.
Prepared by Websites Development Team, CITC. Agenda Websites Development Challenges Main Features of Web CMS Faculty Website & Control Panel Navigation.
Presentation by Kathleen Stoeckle All Your iFRAMEs Point to Us 17th USENIX Security Symposium (Security'08), San Jose, CA, 2008 Google Technical Report.
11 The Ghost In The Browser Analysis of Web-based Malware Reporter: 林佳宜 Advisor: Chun-Ying Huang /3/29.
DHTML - Introduction Introduction to DHTML, the DOM, JS review.
A Comparative Evaluation of HTML5 as a Pervasive Media Platform By Tom Melamed HP Ben Clayton HP Labs.
MSIT 458 – The Chinchillas. Offense Overview Botnet taxonomies need to be updated constantly in order to remain “complete” and are only as good as their.
WARNINGBIRD: A Near Real-time Detection System for Suspicious URLs in Twitter Stream.
Dynamic Web Pages (Flash, JavaScript)
APT29 HAMMERTOSS Jayakrishnan M.
1 All Your iFRAMEs Point to Us Mike Burry. 2 Drive-by downloads Malicious code (typically Javascript) Downloaded without user interaction (automatic),
BY ANDREA ALMEIDA T.E COMP DON BOSCO COLLEGE OF ENGINEERING.
Speaker:Chiang Hong-Ren Botnet Detection by Monitoring Group Activities in DNS Traffic.
SURF:SURF: Detecting and Measuring Search Poisoning Long Lu, Roberto Perdisci, and Wenke Lee Georgia Tech and University of Georgia.
Badvertisements: Stealthy Click-Fraud with Unwitting Accessories Mona Gandhi Markus Jakobsson Jacob Ratkiewicz Indiana University at Bloomington Presented.
A Web Crawler Design for Data Mining
Click to edit Master title style Click to edit Master text styles Second level Third level Fourth level Fifth level June 10 th, 2009Event details (title,
Midterm Review WEB DESIGN. FLASH What is Flash? –Flash is a multimedia graphics program specifically for use on the web –Flash enables you to create interactive.
Proof-Of-Concept: Signature Based Malware Detection for Websites and Domain Administrators - Anant Kochhar.
Fostering worldwide interoperabilityGeneva, July 2009 How to counter web-based attacks on the Internet in Korea Heung Youl YOUM Chairman of Korea.
Anti-Phishing Approaches Lifeng Hu
Web Searching Basics Dr. Dania Bilal IS 530 Fall 2009.
CHAPTER 14 Viruses, Trojan Horses and Worms. INTRODUCTION Viruses, Trojan Horses and worm are malicious programs that can cause damage to information.
Universiti Utara Malaysia Chapter 3 Introduction to ASP.NET 3.5.
Click to edit Master title style Click to edit Master text styles –Second level Third level –Fourth level »Fifth level June 10 th, 2009Event details (title,
Week 10-11c Attacks and Malware III. Remote Control Facility distinguishes a bot from a worm distinguishes a bot from a worm worm propagates itself and.
Copyright © cs-tutorial.com. Overview Introduction Architecture Implementation Evaluation.
Ch. 7 -Attacking Session Management Latasha A. Gibbs CSCE 813 – Internet Security, Fall 2012 College of Engineering and Computing University of South Carolina.
Web Security Lesson Summary ●Overview of Web and security vulnerabilities ●Cross Site Scripting ●Cross Site Request Forgery ●SQL Injection.
JavaScript 101 Introduction to Programming. Topics What is programming? The common elements found in most programming languages Introduction to JavaScript.
Setting up a search engine KS 2 Search: appreciate how results are selected.
A Framework for Detection and Measurement of Phishing Attacks Reporter: Li, Fong Ruei National Taiwan University of Science and Technology 2/25/2016 Slide.
Puppetnets: Misusing Web Browsers as a Distributed Attack Infrastructure Paper By : V.T.Lam, S.Antonatos, P.Akritidis, K.G.Anagnostakis Conference : ACM.
WEB MONITORING E6125 Web enHanced Information Management Presentation on Design of Web Monitoring applications. By Satyajeet Shaligram Columbia University.
By Collin Donaldson. Hacking is only legal under the following circumstances: 1.You hack (penetration test) a device/network you own. 2.You gain explicit,
Heat-seeking Honeypots: Design and Experience John P. John, Fang Yu, Yinglian Xie, Arvind Krishnamurthy and Martin Abadi WWW 2011 Presented by Elias P.
Data mining in web applications
January 31st, 2017 Samuel Marchal*, Giovanni Armano*, Kalle Saari*,
>> Introduction to Web Applications
Dynamic Web Pages (Flash, JavaScript)
Bus Seat Booking Script - Online Bus Booking Software - Online Bus Ticket Reservation System
Dude, where’s that IP? Circumventing measurement-based geolocation
Submitted By: Usha MIT-876-2K11 M.Tech(3rd Sem) Information Technology
Phillipa Gill University of Toronto
Dynamic Web Pages Jin Wu INF 385E Information Architecture
Objective Understand web-based digital media production methods, software, and hardware. Course Weight : 10%
Exploring DOM-Based Cross Site Attacks
Assoc. Prof. Hussam Elbehiery
Presentation transcript:

2011/11/1 1 Long Lu, Wenke Lee College of Computing Georgia Inst. of Technology Roberto Perdisci Dept. of Computer Science University of Georgia ACM CCS 2010

Agenda  Introduction  SURF  Search Engine  Search Poisoning  SURF Implementation & Evaluation  Discussion  Empirical Measurements  Related Work  Conclusion 2011/11/1 2

Introduction  Blackhat SEO Blackhat SEO  Search inflating  Search poisoning  SURF : detection system  Generality  Robustness  Wide deployability 2011/11/1 3

SURF (Search User Redirection Finder)  Run as a browser component(plugin) 2011/11/1 4

SURF  Report an in-depth study to motivate and inspire countermeasures against this increasing threat.  Be able to detect search poisoning with a 99.1% true positive rate at a 0.9% false positive rate  Provides insight into its fast growing trends. 2011/11/1 5

Search Engine  Search engines typically employ crawlers to discover newly created or updated webpages  Two advantages for abusers  Search engines trust the content on the webpages  a web server can easily distinguish between search crawlers and human visitors 2011/11/1 6

Search Poisoning  Preliminary study aimed to discover a set of robust features that can be leveraged for detection purposes  Ubiquitous use of cross-site redirections  Search poisoning as a service Search poisoning as a service  Sophisticated poisoning and evasion tricks  Persistence under transient appearances Persistence under transient appearances  Various malicious applications Various malicious applications 2011/11/1 7

Search Poisoning  Detection features 2011/11/1 8

SURF Implementation  As a plugin on IE8  “mshtml.dll” for HTML parsing  Listening for event notification  Peek into browser data  Emulating simple user interactions  Use BLADE to protect from drive-by download malwareBLADE 2011/11/1 9

SURF Evaluation  Three different experiments  Estimate SURF’s accuracyaccuracy  Attempts to show that SURF is able to detect generic search poisoning cases  Show what features are the most important for classification  IP-to-name ratio  redirection consistency & landing to terminal distance  2011/11/1 10

Discussion  During feature selection process, we discarded a few candidate features that may help the classification accuracy but are not robust(15 → 9)  Detecting search poisoning cases can reveal information about compromised websites and botnet organizations.  Single client side-share information 2011/11/1 11

Empirical Measurements  Micro Measurements 2011/11/1 12

Empirical Measurements  Macro Measurements 2011/11/1 13

Empirical Measurements 2011/11/1 14 Poor Japan earthquake Super Bowl

Empirical Measurements 2011/11/1 15

Related Work  Blackhat SEO countermeasures  Most detection methods work at the search engine level  Malicious webpage detection 2011/11/1 16

Conclusion  SURF : a novel detection system that runs as a browser component  Detect malicious search user redirections resulted from user clicking on poisoned search results  Robust features that is hard to evade  Detection rate of 99.1% at a false positive rate of 0.9% 2011/11/1 17

Thanks for your listening 2011/11/1 18

2011/11/1 19 Dynamically dispatch

D: drive-by-download F: fake AV P: rogue pharmacy Na: randomly legitimate search redirection cases 2011/11/1 20

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.