Malicious File Hash Detection and Drive-by Download Attacks

Warning

This publication doesn't include Institute of Computer Science. It includes Faculty of Informatics. Official publication website can be found on muni.cz.
Authors

GHAFIR Ibrahim; PŘENOSIL Václav

Year of publication 2016
Type Article in Proceedings
Conference Proceedings of the Second International Conference on Computer and Communication Technologies, series Advances in Intelligent Systems and Computing
MU Faculty or unit

Faculty of Informatics

Web http://link.springer.com/chapter/10.1007/978-81-322-2517-1_63
Doi http://dx.doi.org/10.1007/978-81-322-2517-1_63
Field Informatics
Keywords cyber attacks; botnet; malware; malicious file hash; intrusion detection system
Description Malicious web content has become the essential tool used by cybercriminals to accomplish their attacks on the Internet. In addition, attacks that target web clients, in comparison to infrastructure components, have become prevalent. Malware drive-by downloads are a recent challenge, as their spread appears to be increasing substantially in malware distribution attacks. In this paper we present our methodology for detecting any malicious file downloaded by one of the network hosts. Our detection method is based on a blacklist of malicious file hashes. We process the network traffic, analyze all connections, and calculate MD5, SHA1, and SHA256 hashes for each new file seen being transferred over a connection. Then we match the calculated hashes with the blacklist. The blacklist of malicious file hashes is automatically updated each day and the detection is in real time.