Chen et al., 2013 - Google Patents
Detecting web attacks based on domain statisticsChen et al., 2013
- Document ID
- 13164667004818025041
- Author
- Chen C
- Huang J
- Ou Y
- Publication year
- Publication venue
- Pacific-Asia Workshop on Intelligence and Security Informatics
External Links
Snippet
The most reliable approach for identifying malicious web sites is honeypot, an execution- based method, but it is time consuming and computation intensive. The challenge is that the web traffic is huge in a network and an efficient classification method is desired to process …
- 238000001514 detection method 0 abstract description 27
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
- G06F21/563—Static detection by source code analysis
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/552—Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1458—Denial of Service
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/145—Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/554—Detecting local intrusion or implementing counter-measures involving event detection and direct action
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1483—Countermeasures against malicious traffic service impersonation, e.g. phishing, pharming or web spoofing
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/316—User authentication by observing the pattern of computer usage, e.g. typical user behaviour
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/82—Protecting input, output or interconnection devices
- G06F21/83—Protecting input, output or interconnection devices input devices, e.g. keyboards, mice or controllers thereof
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Vinayakumar et al. | Scalable framework for cyber threat situational awareness based on domain name systems data analysis | |
| Torabi et al. | Detecting Internet abuse by analyzing passive DNS traffic: A survey of implemented systems | |
| Lever et al. | A lustrum of malware network communication: Evolution and insights | |
| Pearce et al. | Global measurement of {DNS} manipulation | |
| Maroofi et al. | Comar: Classification of compromised versus maliciously registered domains | |
| Bilge et al. | Exposure: Finding malicious domains using passive DNS analysis. | |
| US8495742B2 (en) | Identifying malicious queries | |
| Zhang et al. | Arrow: Generating signatures to detect drive-by downloads | |
| US8229930B2 (en) | URL reputation system | |
| Chiba et al. | DomainProfiler: Discovering domain names abused in future | |
| Marchal et al. | Proactive discovery of phishing related domain names | |
| Singh et al. | Detecting bot-infected machines using DNS fingerprinting | |
| US20080133540A1 (en) | System and method of analyzing web addresses | |
| Akiyama et al. | HoneyCirculator: distributing credential honeytoken for introspection of web-based attack cycle | |
| Lin et al. | Genetic-based real-time fast-flux service networks detection | |
| Sorio et al. | Detection of hidden fraudulent urls within trusted sites using lexical features | |
| Kheir | Behavioral classification and detection of malware through http user agent anomalies | |
| Chen et al. | Efficient suspicious URL filtering based on reputation | |
| Hong et al. | Ctracer: uncover C&C in advanced persistent threats based on scalable framework for enterprise log data | |
| Kondracki et al. | The droid is in the details: Environment-aware evasion of android sandboxes | |
| Chiba et al. | DomainProfiler: toward accurate and early discovery of domain names abused in future | |
| Seifert et al. | Identification of malicious web pages through analysis of underlying dns and web server relationships | |
| Qin et al. | An exploit kits detection approach based on HTTP message graph | |
| Leita et al. | HARMUR: Storing and analyzing historic data on malicious domains | |
| Vu Hong | DNS traffic analysis for network-based malware detection |