Author Topic: Real time detection of drive-by infections  (Read 2599 times)

0 Members and 1 Guest are viewing this topic.

October 16, 2009, 10:09:39 pm
Read 2599 times

SysAdMini

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 3335
Detecting the ghost in the browser: Real time detection of drive-by infections
http://www.jbisa.nl/download/?noGzip=1&id=12603651

Quote
Drive-by infections exploit common browser (plugin) vulnerabilities to infect client ma-
chines. Exploits are often loaded via compromised legitimate websites. This research
tries to construct a methodology of detecting these infections purely by looking at the
http network traffic that this generates. We identify a number of salient characteris-
tics and de ne a ruleset based scoring framework to determine whether an attack has
taken place. Validation shows that this is a feasible approach, although more time is
needed to create a balanced scoring ruleset.
Ruining the bad guy's day

October 24, 2009, 11:13:11 pm
Reply #1

malwarediaries

  • Newbie

  • Offline
  • *

  • 9
Thanks. Interesting article!