WebPatrol

Chen, Kevin Zhijie; Gu, Guofei; Zhuge, Jing; Nazario, Jose; Han, Xiao

doi:10.1145/1966913.1966938

Cited by 20 publications

(3 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Cho forecast an attacker group using the similarity characteristics of the domain names used for cyber-attacks [12]. Cova, Chen, Chang, et al detected and analyzed "drive-by-download" on the web as a representative means of spreading malicious code [13,14,15,16]. In addition, Han found that the large-scale cyber terror attack in Korea and the cyber-attack against Sony Pictures were committed by the same attacker group through case-based reasoning [17,28,29].…”

Section: Related Workmentioning

confidence: 99%

Cyber-attack group analysis method based on association of cyber-attack information

Son¹,

Kim²,

Lee³

2020

KSII TIIS

View full text Add to dashboard Cite

Cyber-attacks emerge in a more intelligent way, and various security technologies are applied to respond to such attacks. Still, more and more people agree that individual response to each intelligent infringement attack has a fundamental limit. Accordingly, the cyber threat intelligence analysis technology is drawing attention in analyzing the attacker group, interpreting the attack trend, and obtaining decision making information by collecting a large quantity of cyber-attack information and performing relation analysis. In this study, we proposed relation analysis factors and developed a system for establishing cyber threat intelligence, based on malicious code as a key means of cyber-attacks. As a result of collecting more than 36 million kinds of infringement information and conducting relation analysis, various implications that cannot be obtained by simple searches were derived. We expect actionable intelligence to be established in the true sense of the word if relation analysis logic is developed later.

show abstract

Section: Related Workmentioning

confidence: 99%

Cyber-attack group analysis method based on association of cyber-attack information

Son¹,

Kim²,

Lee³

2020

KSII TIIS

View full text Add to dashboard Cite

show abstract

“…Last but not least, we also calculate the f1 score 5 to have a single metric balancing precision and recall at the same time. 4 pr ecision =…”

Section: Detectionmentioning

confidence: 99%

“…In fact, we have leveraged similar concepts than those described by IceShield [19], Cujo [38] and HoneyMonkey [48]. In spite of extensive research eorts to analyze JavaScript malware using honeypots, e.g., PhoneyC [27] or WebPatrol [4], we focus on systems using real browsers for their measurements.…”

Section: Related Workmentioning

confidence: 99%

Rapid

Rodriguez

Posegga

2018

Proceedings of the 34th Annual Computer Security Applications Conference

View full text Add to dashboard Cite

Direct access to the system's resources such as the GPU, persistent storage and networking has enabled in-browser crypto-mining. Thus, there has been a massive response by rogue actors who abuse browsers for mining without the user's consent. This trend has grown steadily for the last months until this practice, i.e., Crypto-Jacking, has been acknowledged as the number one security threat by several antivirus companies. Considering this, and the fact that these attacks do not behave as JavaScript malware or other Web attacks, we propose and evaluate several approaches to detect in-browser mining. To this end, we collect information from the top 330.500 Alexa sites. Mainly, we used real-life browsers to visit sites while monitoring resourcerelated API calls and the browser's resource consumption, e.g., CPU. Our detection mechanisms are based on dynamic monitoring, so they are resistant to JavaScript obfuscation. Furthermore, our detection techniques can generalize well and classify previously unseen samples with up to 99.99% precision and recall for the benign class and up to 96% precision and recall for the mining class. These results demonstrate the applicability of detection mechanisms as a server-side approach, e.g., to support the enhancement of existing blacklists. Last but not least, we evaluated the feasibility of deploying prototypical implementations of some detection mechanisms directly on the browser. Specically, we measured the impact of in-browser API monitoring on page-loading time and performed micro-benchmarks for the execution of some classiers directly within the browser. In this regard, we ascertain that, even though there are engineering challenges to overcome, it is feasible and benecial for users to bring the mining detection to the browser.

show abstract