An efficient and novel detection technique for next generation web-based exploitation kits

Download: index.pdf
Date: 2019
Author: Süren, Emre
License: This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
Item usage stats: 233 views, 120 downloads

Abstract
The prevalence and non-stop evolving technical sophistication of Exploit Kits (EKs) is one of the most challenging shifts in the modern cybercrime landscape. Over the last few years, malware infection via drive-by download attacks has been orchestrated with EK infrastructures. An EK serves various types of malicious content via several threat vectors for a variety of criminal attempts, which are mostly monetary-centric. In this dissertation, an in-depth discussion of the EK philosophy and internals is provided. A content analysis is introduced for the EK families, in which special context-aware properties are identified. A key observation is that while the webpage contents differ drastically between distinct intrusions executed through the same EK, the patterns in URL addresses stay similar. This is because URLs auto-generated by EK platforms follow specific templates. This dissertation proposes a new lightweight technique to quickly categorize unknown EK families with high accuracy, leveraging machine learning algorithms with novel URL features. Rather than analyzing each URL individually, the proposed overall-URL-patterns approach examines all URLs associated with an EK infection. The method has been evaluated with a popular and publicly available dataset that contains 240 different real-world infection cases involving over 2250 URLs, the incidents being linked with the 4 major EK flavors that occurred throughout the year 2016. In the experiments, the system achieves up to 93.7% clustering accuracy and up to 100% classification accuracy with the estimators tested.
Subject Keywords: Exploit Kit, Malware, URL analysis, Machine learning

URI:
http://etd.lib.metu.edu.tr/upload/12623564/index.pdf
https://hdl.handle.net/11511/43831

Collections: Graduate School of Informatics, Thesis
Related works by the author

- I see EK: A lightweight technique to reveal exploit kit family by overall URL patterns of infection chains. Suren, Emre; Angın, Pelin; Baykal, Nazife (2019-01-01). The prevalence and nonstop evolving technical sophistication of exploit kits (EKs) is one of the most challenging shifts in the modern cybercrime landscape. Over the last few years, malware infections via drive-by download attacks have been orchestrated with EK infrastructures. Malicious advertisements and compromised websites redirect victim browsers to web-based EK families that are assembled to exploit client-side vulnerabilities and finally deliver evil payloads. A key observation is that while the webp...
- Know your EK: A content and workflow analysis approach for exploit kits. Suren, Emre; Angın, Pelin (2019-02-01). The prevalence and non-stop evolving technical sophistication of Exploit Kits (EKs) is one of the most challenging shifts in the modern cybercrime landscape. Over the last few years, malware infection via drive-by-download attacks have been orchestrated with EK infrastructures. An EK serves various types of malicious content via several threat vectors for a variety of criminal attempts, which are mostly monetary-centric. Malicious emails, malicious advertisements, and compromised websites redirect victim br...
Citation (IEEE)

E. Süren, “An efficient and novel detection technique for next generation web-based exploitation kits,” Thesis (Ph.D.) -- Graduate School of Natural and Applied Sciences, Information Systems, Middle East Technical University, 2019.