Show/Hide Menu
Hide/Show Apps
Logout
Türkçe
Türkçe
Search
Search
Login
Login
OpenMETU
OpenMETU
About
About
Open Science Policy
Open Science Policy
Open Access Guideline
Open Access Guideline
Postgraduate Thesis Guideline
Postgraduate Thesis Guideline
Communities & Collections
Communities & Collections
Help
Help
Frequently Asked Questions
Frequently Asked Questions
Guides
Guides
Thesis submission
Thesis submission
MS without thesis term project submission
MS without thesis term project submission
Publication submission with DOI
Publication submission with DOI
Publication submission
Publication submission
Supporting Information
Supporting Information
General Information
General Information
Copyright, Embargo and License
Copyright, Embargo and License
Contact us
Contact us
I see EK: A lightweight technique to reveal exploit kit family by overall URL patterns of infection chains
Download
10.3906:elk-1810-199.PDF
Date
2019-01-01
Author
Suren, Emre
Angın, Pelin
Baykal, Nazife
Metadata
Show full item record
This work is licensed under a
Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License
.
Item Usage Stats
397
views
346
downloads
Cite This
The prevalence and nonstop evolving technical sophistication of exploit kits (EKs) is one of the most challenging shifts in the modern cybercrime landscape. Over the last few years, malware infections via drive-by download attacks have been orchestrated with EK infrastructures. Malicious advertisements and compromised websites redirect victim browsers to web-based EK families that are assembled to exploit client-side vulnerabilities and finally deliver evil payloads. A key observation is that while the webpage contents have drastic differences between distinct intrusions executed through the same EK, the patterns in URL addresses stay similar. This is due to the fact that autogenerated URLs by EK platforms follow specific templates. This practice in use enables the development of an efficient system that is capable of classifying the responsible EK instances. This paper proposes novel URL features and a new technique to quickly categorize EK families with high accuracy using machine learning algorithms. Rather than analyzing each URL individually, the proposed overall URL patterns approach examines all URLs associated with an EK infection automatically. The method has been evaluated with a popular and publicly available dataset that contains 240 different real-world infection cases involving over 2250 URLs, the incidents being linked with the 4 major EK flavors that occurred throughout the year 2016. The system achieves up to 100% classification accuracy with the tested estimators.
Subject Keywords
Exploit kit
,
Web malware
,
Drive-by download
,
URL analysis
,
Supervised machine learning
,
Cybercrime
URI
https://hdl.handle.net/11511/32302
Journal
TURKISH JOURNAL OF ELECTRICAL ENGINEERING AND COMPUTER SCIENCES
DOI
https://doi.org/10.3906/elk-1810-199
Collections
Graduate School of Informatics, Article
Suggestions
OpenMETU
Core
Know your EK: A content and workflow analysis approach for exploit kits
Suren, Emre; Angın, Pelin (2019-02-01)
The prevalence and non-stop evolving technical sophistication of Exploit Kits (EKs) is one of the most challenging shifts in the modern cybercrime landscape. Over the last few years, malware infection via drive-by-download attacks have been orchestrated with EK infrastructures. An EK serves various types of malicious content via several threat vectors for a variety of criminal attempts, which are mostly monetary-centric. Malicious emails, malicious advertisements, and compromised websites redirect victim br...
An efficient and novel detection technique for next generation web-based exploitation kits
Süren, Emre; Baykal, Nazife; Department of Information Systems (2019)
The prevalence and non-stop evolving technical sophistication of Exploit Kits (EKs) is one of the most challenging shifts in the modern cybercrime landscape. Over the last few years, malware infection via drive-by download attacks have been orchestrated with EK infrastructures. An EK serves various types of malicious content via several threat vectors for a variety of criminal attempts, which are mostly monetarycentric. In this dissertation, an in-depth discussion of the EK philosophy and internals is provi...
Collaborative building control: a conceptual mixed-initiative framework
Topak, Fatih; Pekeriçli, Mehmet Koray (Taylor & Francis, 2021-6-22)
In the last two decades, automation systems have shown advanced developments and are widely adopted for various purposes in many fields. However, automation in buildings has not gained popularity and has a low acceptance level amongst the occupants. Decreased perceived control, ever-changing dynamic human needs, and standardized, one-size-fits-all approach in current automation systems lead to disharmony in human-machine coexistence. Although well-established continuous interaction between building control ...
ENHANCING UML PORTS AND CONNECTORS TO INCREASE THE REUSABILITY AND PERFORMANCE OF AVIONICS SOFTWARE
Kocataş, Alper Tolga; Doğru, Ali Hikmet; Department of Computer Engineering (2023-1-5)
Model-driven software development (MDSD) techniques have evolved vastly over the recent decades. MDSD aims to raise the abstraction level, allowing developers to produce accurate designs which are also easier to verify. The focus of this research is on developing methods in MDSD that can be utilized in software development. In the scope of this research, we first present a method for enriching the UML connectors with behavioral specifications for the exogenous coordination of the components. The aim is to f...
An Efficient Implementation of Online Model Predictive Control with Practical Industrial Applications
Arpacık, Okan; Ankaralı, Mustafa Mert; Department of Electrical and Electronics Engineering (2021-8)
The demand to utilize modern control algorithms for industrial applications is much more intensive. Model-predictive-controller (MPC), which is one of the modern optimal control policies, has gained more attention in servo drive and other industrial applications in recent years due to increased computational capabilities of embedded platforms and evident control performance benefits compared to more classical control methods. A digital MPC algorithm at each sampling instant produces the optimal control inpu...
Citation Formats
IEEE
ACM
APA
CHICAGO
MLA
BibTeX
E. Suren, P. Angın, and N. Baykal, “I see EK: A lightweight technique to reveal exploit kit family by overall URL patterns of infection chains,”
TURKISH JOURNAL OF ELECTRICAL ENGINEERING AND COMPUTER SCIENCES
, pp. 3713–3728, 2019, Accessed: 00, 2020. [Online]. Available: https://hdl.handle.net/11511/32302.