Kazuhiro Tobe scite author profile

Web-based malware attacks have become one of the most serious threats that need to be addressed urgently. Several approaches that have attracted attention as promising ways of detecting such malware include employing one of several blacklists. However, these conventional approaches often fail to detect new attacks owing to the versatility of malicious websites. Thus, it is difficult to maintain up-to-date blacklists with information for new malicious websites. To tackle this problem, this paper proposes a new scheme for detecting malicious websites using the characteristics of IP addresses. Our approach leverages the empirical observation that IP addresses are more stable than other metrics such as URLs and DNS records. While the strings that form URLs or DNS records are highly variable, IP addresses are less variable, i.e., IPv4 address space is mapped onto 4-byte strings. In this paper, a lightweight and scalable detection scheme that is based on machine learning techniques is developed and evaluated. The aim of this study is not to provide a single solution that effectively detects web-based malware but to develop a technique that compensates the drawbacks of existing approaches. The effectiveness of our approach is validated by using real IP address data from existing blacklists and real traffic data on a campus network. The results demonstrate that our scheme can expand the coverage/accuracy of existing blacklists and also detect unknown malicious websites that are not covered by conventional approaches.

show abstract

Structural classification and similarity measurement of malware

Shi

Hamagami

Yoshioka

et al. 2014

IEEJ Transactions Elec Engng

View full text Add to dashboard Cite

This paper proposes a new lightweight method that utilizes the growing hierarchical self‐organizing map (GHSOM) for malware detection and structural classification. It also shows a new method for measuring the structural similarity between classes. A dynamic link library (DLL) file is an executable file used in the Windows operating system that allows applications to share codes and other resources to perform particular tasks. In this paper, we classify different malware by the data mining of the DLL files used by the malware. Since the malware families are evolving quickly, they present many new problems, such as how to link them to other existing malware families. The experiment shows that our GHSOM‐based structural classification can solve these issues and generate a malware classification tree according to the similarity of malware families. © 2014 Institute of Electrical Engineers of Japan. Published by John Wiley & Sons, Inc.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Kazuhiro Tobe

Detecting Malicious Websites by Learning IP Address Features

Analyzing Spatial Structure of IP Addresses for Detecting Malicious Websites

Structural classification and similarity measurement of malware

Contact Info

Product

Resources

About