I see EK: A lightweight technique to reveal exploit kit family by overall URL patterns of infection chains

2019-01-01
Suren, Emre
Angın, Pelin
Baykal, Nazife
The prevalence and non-stop evolving technical sophistication of exploit kits (EKs) is one of the most challenging shifts in the modern cybercrime landscape. Over the last few years, malware infections via drive-by download attacks have been orchestrated with EK infrastructures. Malicious advertisements and compromised websites redirect victim browsers to web-based EK families that are assembled to exploit client-side vulnerabilities and finally deliver malicious payloads. A key observation is that while the webpage contents differ drastically between distinct intrusions executed through the same EK, the patterns in the URL addresses stay similar, because the URLs auto-generated by EK platforms follow specific templates. This property enables the development of an efficient system capable of classifying the responsible EK instances. This paper proposes novel URL features and a new technique to quickly categorize EK families with high accuracy using machine learning algorithms. Rather than analyzing each URL individually, the proposed overall-URL-patterns approach automatically examines all URLs associated with an EK infection. The method has been evaluated with a popular, publicly available dataset that contains 240 different real-world infection cases involving over 2250 URLs, the incidents being linked with the 4 major EK flavors that occurred throughout the year 2016. The system achieves up to 100% classification accuracy with the tested estimators.
TURKISH JOURNAL OF ELECTRICAL ENGINEERING AND COMPUTER SCIENCES
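The abstract's core idea, that an EK's auto-generated URLs share a template and that the whole infection chain should be scored together rather than one URL at a time, as an added Python illustration that is not code from the paper (whose actual feature set and estimators are not shown on this page). The chains, hosts and paths are constructed, the shape-based templates are an assumed feature design, and a nearest-chain similarity stands in for the paper's machine learning estimators.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qsl

# Constructed sample: three infection chains with made-up hosts and paths (not from the paper's dataset).
# Each chain is the ordered URL list of one infection: referrer -> gate -> landing page -> payload.
CHAINS = {
    "x1": ["http://news.example/article/2016/05/index.html", "http://gate.example/go.php?id=7731",
           "http://ab8k2.lp.example/f4a9e1c0d2b3/", "http://ab8k2.lp.example/f4a9e1c0d2b3/c81e/?q=3d1f"],
    "x2": ["http://blog.example/posts/10/", "http://link.example/go.php?id=9011",
           "http://zq71p.lp.example/0a1b2c3d4e5f/", "http://zq71p.lp.example/0a1b2c3d4e5f/77aa/?q=9b0e"],
    "y1": ["http://shop.example/item.php?sku=4411", "http://ads.example/view.js?cb=1455",
           "http://h7.example/index.php?s=31fb8c7&k=1000", "http://h7.example/index.php?s=31fb8c7&k=1001"],
}
LABELS = {"x1": "EK-X", "x2": "EK-X", "y1": "EK-Y"}  # hypothetical family labels for the sample chains

def shape(token):
    """Structural shape plus length: '7731' -> 'D4', 'c81e' -> 'H4' (hex-looking), 'go' -> 'A2', 'ab8k2' -> 'M5'."""
    kind = "D" if token.isdigit() else "A" if token.isalpha() else "H" if re.fullmatch(r"[0-9a-f]+", token) else "M"
    return f"{kind}{min(len(token), 12)}"  # length-capped so very long tokens still share a shape

def segment_shape(seg):
    """Keep a file extension literal (it is part of the template) and abstract the name."""
    name, dot, ext = seg.rpartition(".")
    return f"{shape(name)}.{ext.lower()}" if dot else shape(seg)

def url_template(url):
    """Abstract one URL into host-label shapes (TLD dropped), path-segment shapes and query key/value shapes."""
    u = urlsplit(url)
    host = ".".join(shape(l) for l in (u.hostname or "").split(".")[:-1])
    path = "/".join(segment_shape(s) for s in u.path.split("/") if s)
    query = "&".join(f"{k}={shape(v)}" for k, v in parse_qsl(u.query))
    return f"{host}|{path}|{query}"

def chain_features(urls):
    """Overall pattern of a chain: the multiset of templates over all of its URLs, not one URL at a time."""
    return Counter(url_template(u) for u in urls)

def similarity(a, b):
    """Weighted Jaccard similarity between two template multisets (0.0 when both are empty)."""
    keys = set(a) | set(b)
    den = sum(max(a[k], b[k]) for k in keys)
    return sum(min(a[k], b[k]) for k in keys) / den if den else 0.0

def classify(urls, chains=CHAINS, labels=LABELS):
    """Nearest-chain label over overall URL patterns; stands in for the paper's ML estimators."""
    feats = chain_features(urls)
    return labels[max(chains, key=lambda n: similarity(feats, chain_features(chains[n])))]
```

A chain whose gate, landing and payload URLs share the x-chains' templates is labelled EK-X even though every literal host, directory name and parameter value differs, which is the point the abstract makes about template-driven URL generation.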

Citation Formats
E. Suren, P. Angın, and N. Baykal, “I see EK: A lightweight technique to reveal exploit kit family by overall URL patterns of infection chains,” TURKISH JOURNAL OF ELECTRICAL ENGINEERING AND COMPUTER SCIENCES, pp. 3713–3728, 2019, Accessed: 00, 2020. [Online]. Available: https://hdl.handle.net/11511/32302.