Publication: Classification of Exploit-Kit behaviors via machine learning approach
Issued Date
2018-03-23
Resource Type
ISSN
17389445
Other identifier(s)
2-s2.0-85046744146
Rights
Mahidol University
Rights Holder(s)
SCOPUS
Bibliographic Citation
International Conference on Advanced Communication Technology, ICACT. Vol.2018-February, (2018), 468-473
Suggested Citation
Sukritta Harnmetta, Sudsanguan Ngamsuriyaroj Classification of Exploit-Kit behaviors via machine learning approach. International Conference on Advanced Communication Technology, ICACT. Vol.2018-February, (2018), 468-473. doi:10.23919/ICACT.2018.8323798 Retrieved from: https://repository.li.mahidol.ac.th/handle/20.500.14594/45816
Research Projects
Organizational Units
Authors
Journal Issue
Thesis
Title
Classification of Exploit-Kit behaviors via machine learning approach
Author(s)
Other Contributor(s)
Abstract
© 2018 Global IT Research Institute (GiRI). An Exploit-Kit (EK) is the cyber attacking tool which targets in finding vulnerabilities appeared on a web browser instance such as web-plugins, add-on instances usually installed in a web browser. Such instances may send some suitable malware payload through the vulnerabilities they found. This kind of such cyber-attack is known as the drive-by-download attack where malware downloading do not require any interaction from users. In addition, EK can do self-protection by imitating a benign website or responding to end-users with HTTP 404 error code whenever it encountered an unsupported target web browser. As a result, detecting EK requires a lot of effort. However, when an EK launches an attack, there are some patterns of interactions between a host and a victim. In this work, we obtain a set of data from www.malware-traffic-analysis.net and analyze those interactions in order to identify a set of features. We use such features to build a model for classifying interaction patterns of each EK type. Our experiments show that, with 5,743 network flows and 45 features, our model using Decision tree approach can classify EK traffic and EK type with accuracy of 97.74% and 97.11% respectively. In conclusion, our proposed work can help detect the behavior of EK with high accuracy.