Paper Search Console


Journal Title

Title of Journal: Int J Inf Secur


Abbreviation: International Journal of Information Security


Publisher

Springer Berlin Heidelberg


DOI

10.1007/s11623-015-0352-5


ISSN

1615-5270


The MALICIA dataset identification and analysis o

Authors: Antonio Nappa, M. Zubair Rafique, Juan Caballero
Publish Date: 2014/06/21
Volume: 14, Issue: 1, Pages: 15-33

Abstract

Drive-by downloads are the preferred distribution vector for many malware families. In the drive-by ecosystem, many exploit servers run the same exploit kit, and it is a challenge understanding whether the exploit server is part of a larger operation. In this paper, we propose a technique to identify exploit servers managed by the same organization. We collect over time how exploit servers are configured, which exploits they use, and what malware they distribute, grouping servers with similar configurations into operations. Our operational analysis reveals that although individual exploit servers have a median lifetime of 16 h, long-lived operations exist that operate for several months. To sustain long-lived operations, miscreants are turning to the cloud, with 60 % of the exploit servers hosted by specialized cloud hosting services. We also observe operations that distribute multiple malware families and that pay-per-install affiliate programs are managing exploit servers for their affiliates to convert traffic into installations. Furthermore, we analyze the exploit polymorphism problem, measuring the repacking rate for different exploit types. To understand how difficult it is to take down exploit servers, we analyze the abuse reporting process and issue abuse reports for 19 long-lived servers. We describe the interaction with ISPs and hosting providers and monitor the result of the report. We find that 61 % of the reports are not even acknowledged. On average, an exploit server still lives for 43 days after a report. Finally, we detail the Malicia dataset we have collected and are making available to other researchers.

The authors would like to thank Chris Grier and Kurt Thomas for their help and the anonymous reviewers for their insightful comments. This work was supported in part by the European Union through the FP7 network of excellence NESSoS (Grant FP7ICT No 256980), by the Spanish Government through the StrongSoft project (Grant TIN201239391C0401) and a Juan de la Cierva Fellowship for Juan Caballero, by the NGreens CM project, by the Research Fund KU Leuven, and by the Fight against Crime Programme of the European Union (BCCENTRE). Opinions expressed in this material are those of the authors and do not necessarily reflect the views of the sponsors.

