184 research outputs found

    Detecting Drive-by-Download Attacks based on HTTP Context-Types

    Recently, Drive-by-Download attacks have been prevailing. A user’s PC may be infected with malware derived from tampered web pages. Malicious attackers easily construct Drive-by-Download websites using a software tool called an Exploit Kit. This paper proposes a new method for detecting Drive-by-Download attacks and preventing the download of malware. Our method is based on fine-grained analysis of Drive-by-Download attacks based on HTTP Context-Types. We also evaluate a new detection method for detecting Drive-by-Download attacks, whose effectiveness is proved by the experimental results.

    Fingerprinting Attack on Tor Anonymity using Deep Learning

    Tor is free software that enables anonymous communication. It defends users against traffic analysis and network surveillance. It is also useful for confidential business activities and state security. At the same time, anonymized protocols have been used to access criminal websites such as those dealing with illegal drugs. This paper proposes a new method for launching a fingerprinting attack to analyze Tor traffic in order to detect users who access illegal websites. Our new method is based on Stacked Denoising Autoencoder, a deep-learning technology. Our evaluation results show 0.88 accuracy in a closed-world test. In an open-world test, the true positive rate is 0.86 and the false positive rate is 0.02.

    Utilizing Multiple Home Links in Mobile IPv6

    Detecting Android Malware by Analyzing Manifest Files

    The threat of Android malware has increased owing to the increasing popularity of smartphones. Once an Android smartphone is infected with malware, the user suffers from various damages, such as the theft of personal information stored in the smartphones, the unintentional sending of short messages to premium-rate numbers without the user’s knowledge, and the ability for the infected smartphones to be remotely operated and used for other malicious attacks. However, there are currently insufficient defense mechanisms against Android malware. This study proposes a new method to detect Android malware. The new method analyzes only manifest files that are required in Android applications. It realizes a lightweight approach for detection, and its effectiveness is experimentally confirmed by employing real samples of Android malware. The result shows that the new method can effectively detect Android malware, even when the sample is unknown.

    Passive Smart Phone Identification and Tracking with Application Set Fingerprints

    Current smart phone users can be identified and tracked by fingerprint techniques. Fingerprint identification techniques can be used for legitimate purposes such as network management and traffic control to avoid excessive congestion. This paper proposes a user identification and tracking technique specific to smart phone users for supervised network management. This paper proposes the application set fingerprint, which is a simple set of User-Agent request-header fields in HTTP sessions. The application set fingerprint has three advantages, fully-passive fingerprint generation, potential of user trackability, and fingerprinting considering the users' privacy. The results show that the application set fingerprint is practically effective and network operators can use it for tracking smart phone users with the purpose of efficient network management.

    Liquid crystal electropolymerisation under magnetic field and resultant linear polarised electrochromism

    The electrochemical preparation of poly(3,4-ethylenedioxythiophene) (PEDOT) is conducted in liquid crystal (LC) electrolyte solution with nematic (N), cholesteric (Ch*), and smectic A (SmA) phases under a magnetic field. The polymer imprints the molecular arrangement of the LC electrolyte during the polymerisation process. The oriented polymers thus obtained display optical texture characteristics that resemble those of the LC electrolyte solution. Especially, visualization of SmA domain through PEDOT fibrils is achieved. The magnetic alignment produces linear optical polarisation for the polymers. The PEDOTs thus prepared exhibit good reproducible electroactivity. The present electropolymerisation under magnetic field affords polymer films with linear polarised electrochromism.

    On the characteristics of Internet traffic variability: Spikes and Elephants

    Discriminating DRDoS Packets using Time Interval Analysis

    The Distributed Reflection Denial of Service (DRDoS) attack is one of the critical security threats. As the attack generates unidirectional traffic, it is not easy for the targets of the attack to protect themselves. To mitigate the attack, we need a defense mechanism installed at backbone networks, i.e., detecting and blocking the attack traffic before it reaches the destinations. A conventional approach is to monitor the traffic volume of the attack, i.e., an attack is detected if the observed traffic volume exceeds a certain threshold. However, such a simple approach may not work when an attacker adjusts the traffic volume to evade the detection. This paper proposes a novel method that can detect the DRDoS attacks accurately. The key idea is to leverage the characteristics of time intervals between the packets. We make use of the K-means clustering algorithm to find the best threshold values used to distinguish packets associated with DRDoS attacks. We implement the proposed algorithm in equipment at a data center and demonstrate that our approach attains high accuracy.