ANALYSIS OF CLIENT-SIDE ATTACKS THROUGH DRIVE-BY HONEYPOTS
Client-side cyberattacks on Web browsers are becoming more common relative to server-side cyberattacks. This work tested the ability of the honeypot (decoy) client software Thug to detect malicious or compromised servers that secretly download malicious files to clients, and to classify what it downloaded. Prior to using Thug we did TCP/IP fingerprinting to assess Thug’s ability to impersonate different Web browsers, and we created our own malicious Web server with some drive-by exploits to verify Thug’s functions; Thug correctly identified 85 out of 86 exploits from this server. We then tested Thug’s analysis of delivered exploits from two sets of real Web servers; one set was obtained from random Internet addresses of Web servers, and the other came from a commercial blacklist. The rates of malicious activity on 37,415 random websites and 83,667 blacklisted websites were 5.6% and 1.15%, respectively. Thug’s interaction with the blacklisted Web servers found 163 unique malware files. We demonstrated the usefulness and efficiency of client-side honeypots in analyzing harmful data presented by malicious websites. These honeypots can help government and industry defenders to proactively identify suspicious Web servers and protect users. OUSD(R&E). Outstanding Thesis. Lieutenant, United States Navy. Approved for public release. Distribution is unlimited.
An anti-malvertising model for university students to increase security awareness
Accessing websites through the Internet has introduced a new way of advertising information to users. The term “malvertising” comes from the words malware and advertising. It is one type of attack that performs malware or scareware injection into online advertisements. The purpose of this study is to investigate security awareness of malvertising attacks among university students, to propose an anti-malvertising model to improve security awareness, and to evaluate the security awareness of the proposed model. The data collection of the research starts with a preliminary study to understand the malvertising issue. Then, a survey questionnaire is distributed to university students from two different local universities (UTM, Kuala Lumpur and UMP, Pahang) and from two different backgrounds (IT related and non-IT related courses) to investigate current security awareness of malvertising attacks. The study proposes a theoretical model on anti-malvertising, and the security awareness is analyzed through the survey. The proposed model consists of protection, behavior and monitoring components, identified as independent variables, and the security awareness on anti-malvertising is identified as the dependent variable. The study found that more than half of the students are aware of the malvertising attack by practicing protection measures, security behavior, and security monitoring that give a positive impact to the students’ security awareness. This proposed theoretical model may be beneficial for the students as a basis of reference for anti-malvertising exercises, while promoting security awareness among university students. Besides, the theoretical model can be used as a reference for researchers in this field as well as other security practitioners in practicing the suitable components that constitute security awareness for malvertising.
A Measurement Study on the Advertisements Displayed to Web Users Coming from the Regular Web and from Tor
Online advertising is an effective way for businesses to find new customers and expand their reach to a great variety of audiences. Due to the large number of participants interacting in the process, advertising networks act as brokers between website owners and businesses facilitating the display of advertisements. Unfortunately, this system is abused by cybercriminals to perform illegal activities such as malvertising. In this paper, we perform a measurement of malvertising from the user point of view. Our goal is to collect advertisements from a regular Internet connection and using The Onion Router in an attempt to understand whether using different technologies to access the Web could influence the probability of infection. We compare the data from our experiments to find differences in the malvertising activity observed. We show that the level of maliciousness is similar between the two types of accesses. Nevertheless, there are significant differences related to the malicious landing pages delivered in each type of access. Our results provide the research community with insights into how ad traffic is treated depending on the way users access Web content.
- …