Evasive Malicious Website Detection by Leveraging Redirection Subgraph Similarities

Shibahara, Toshiki; Takata, Yuta; Akiyama, Mitoshi; Yagi, T.; Hato, Kunio; Murata, Masayuki

doi:10.1587/transinf.2018fcp0007

Cited by 4 publications

(2 citation statements)

References 24 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Redirection chains are mapped in Takata et al (2018), but, content-based redirects are not considered. Shibahara et al (2019) models redirections irrespective of occurrence, e.g. if URL is found in JS but wasn't accessed, it's still labelled as a redirect.…”

Section: Related Workmentioning

confidence: 99%

LSTM RNN: detecting exploit kits using redirection chain sequences

et al. 2021

View full text Add to dashboard Cite

While consumers use the web to perform routine activities, they are under the constant threat of attack from malicious websites. Even when visiting ‘trusted’ sites, there is always a risk that site is compromised, and, hosting a malicious script. In this scenario, the injected script would typically force the victim’s browser to undergo a series of redirects before reaching an attacker-controlled domain, which, delivers the actual malware. Although these malicious redirection chains aim to frustrate detection and analysis efforts, they could be used to help identify web-based attacks. Building upon previous work, this paper presents the first known application of a Long Short-Term Memory (LSTM) network to detect Exploit Kit (EK) traffic, utilising the structure of HTTP redirects. Samples are processed as sequences, where each timestep represents a redirect and contains a unique combination of 48 features. The experiment is conducted using a ground-truth dataset of 1279 EK and 5910 benign redirection chains. Hyper-parameters are tuned via K-fold cross-validation (5f-CV), with the optimal configuration achieving an F1 score of 0.9878 against the unseen test set. Furthermore, we compare the results of isolated feature categories to assess their importance.

show abstract

Section: Related Workmentioning

confidence: 99%

LSTM RNN: detecting exploit kits using redirection chain sequences

et al. 2021

View full text Add to dashboard Cite

show abstract

“…Shibahara et al [25] leveraged redirection subgraph similarities to identify evasive, malicious websites. Classification is performed using a graph mining approach, where the sim-ilarities between redirection subgraphs of malicious, benign and compromised websites are integrated.…”

Section: Related Workmentioning

confidence: 99%

REdiREKT: Extracting Malicious Redirections from Exploit Kit Traffic

Burgess

Carlin

O’Kane

et al. 2020

2020 IEEE Conference on Communications and Network Security (CNS)

View full text Add to dashboard Cite

This paper proposes REdiREKT, a system which utilises the open-source Zeek Intrusion Detection System (IDS) to map HTTP redirection chains observed in Exploit Kit (EK) attacks and extracts distinguishing features to assist machine learning (ML). We build a ground-truth dataset of EK samples, ensuring that the redirection chains for every sample are accurate and reusable in future experiments. By processing a unique combination of 9 redirection techniques, REdiREKT was able to correctly extract 96.52% of malicious domains from 1279 EK samples, spanning 28 families and 8 campaigns, and, only failed to extract 0.7% of malicious chains. Using the VirusTotal API to filter out domains flagged as malicious, we build a benign dataset from the Alexa top 10k websites, extracting 12,783 domains from 5910 redirection chains. The malicious redirection data is divided into yearly and familybased categories and compared to the benign results. Based on our analysis of the collected data, we extract and store 48 key features from websites within the redirection chains that could aid future ML-based detection efforts. Finally, we evaluate the performance of REdiREKT, compare it with existing research, and, suggest use-cases and future areas of work.

show abstract

Exploiting Feature Interactions for Malicious Website Detection with Overhead-accuracy Tradeoff

Shen

2021

ICC 2021 - IEEE International Conference on Communications

View full text Add to dashboard Cite

Evasive Malicious Website Detection by Leveraging Redirection Subgraph Similarities

Cited by 4 publications

References 24 publications

LSTM RNN: detecting exploit kits using redirection chain sequences

LSTM RNN: detecting exploit kits using redirection chain sequences

REdiREKT: Extracting Malicious Redirections from Exploit Kit Traffic

Exploiting Feature Interactions for Malicious Website Detection with Overhead-accuracy Tradeoff

Contact Info

Product

Resources

About