Malicious File Hash Detection and Drive-by Download Attacks

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216224%3A14330%2F16%3A00087687" target="_blank" >RIV/00216224:14330/16:00087687 - isvavai.cz</a>

Výsledek na webu

<a href="http://link.springer.com/chapter/10.1007/978-81-322-2517-1_63" target="_blank" >http://link.springer.com/chapter/10.1007/978-81-322-2517-1_63</a>

DOI - Digital Object Identifier

<a href="http://dx.doi.org/10.1007/978-81-322-2517-1_63" target="_blank" >10.1007/978-81-322-2517-1_63</a>

Jazyk výsledku

angličtina

Název v původním jazyce

Malicious File Hash Detection and Drive-by Download Attacks

Popis výsledku v původním jazyce

Malicious web content has become the essential tool used by cybercriminals to accomplish their attacks on the Internet. In addition, attacks that target web clients, in comparison to infrastructure components, have become prevalent. Malware drive-by downloads are a recent challenge, as their spread appears to be increasing substantially in malware distribution attacks. In this paper we present our methodology for detecting any malicious file downloaded by one of the network hosts. Our detection method is based on a blacklist of malicious file hashes. We process the network traffic, analyze all connections, and calculate MD5, SHA1, and SHA256 hash for each new file seen being transferred over a connection. Then we match the calculated hashes with the blacklist. The blacklist of malicious file hashes is automatically updated each day and the detection is in the real time.

Název v anglickém jazyce

Malicious File Hash Detection and Drive-by Download Attacks

Popis výsledku anglicky

Malicious web content has become the essential tool used by cybercriminals to accomplish their attacks on the Internet. In addition, attacks that target web clients, in comparison to infrastructure components, have become prevalent. Malware drive-by downloads are a recent challenge, as their spread appears to be increasing substantially in malware distribution attacks. In this paper we present our methodology for detecting any malicious file downloaded by one of the network hosts. Our detection method is based on a blacklist of malicious file hashes. We process the network traffic, analyze all connections, and calculate MD5, SHA1, and SHA256 hash for each new file seen being transferred over a connection. Then we match the calculated hashes with the blacklist. The blacklist of malicious file hashes is automatically updated each day and the detection is in the real time.

Druh

D - Stať ve sborníku

CEP obor

IN - Informatika

OECD FORD obor

—

Projekt

<a href="/cs/project/OFMASUN201301" target="_blank" >OFMASUN201301: CIRC - Mobilní dedikované zařízení pro naplňování schopností reakce na počítačové incidenty</a><br>

Návaznosti

P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)

Rok uplatnění

2016

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název statě ve sborníku

Proceedings of the Second International Conference on Computer and Communication Technologies, series Advances in Intelligent Systems and Computing

ISBN

9788132225164

ISSN

2194-5357

e-ISSN

—

Počet stran výsledku

9

Strana od-do

661-669

Název nakladatele

Springer

Místo vydání

Hyderabad

Místo konání akce

Hyderabad

Datum konání akce

1. 1. 2016

Typ akce podle státní příslušnosti

CST - Celostátní akce

Kód UT WoS článku

—