Detecting Hiding Malicious Website Using Network Traffic Mining Approach
As the Internet continues to broaden its coverage worldwide, it has led to the spread of data searching, learning, entertainment, information exchange, finance, commercial activities and so on over the Internet. This tendency creates a serious situation in which Internet users become attack targets. Many kinds of network attack, such as viruses, worms, and many other malicious codes, have been implemented to obtain illegal benefits or for some particular purpose. In recent years, firewall techniques have been used to reject anomalous Internet connections, and this has gradually shifted the spreading of malware from the traditional push-based method to the pull-based method. Therefore, how to prevent illegitimate access by attackers while maintaining the quality of service of the network has become an important issue for network managers. In 2008, a new kind of malware was found that has some new features in comparison with traditional malware. Further, such code can update itself via the Internet. Many malicious websites offer new versions of malicious code so that malware infecting other computers in the same LAN can download and execute the malicious program automatically. These kinds of malicious websites cannot be easily detected by traditional firewall defense systems. This research proposes a malicious website detection system architecture and uses a spatial-temporal aggregating variables method to build a detection module from NetFlow data. Our empirical evaluation results show that this module performs well at detecting malicious websites. The results are helpful for improving the management of large-scale network environments.
Keywords: Malicious Website Detection; Spatial-Temporal Pattern; Malware; Network Security; NetFlow
Han-Wei Hsiao, Deng-Neng Chen, Tsung Ju Wu
National University of Kaohsiung, Dept. of Information Management, Kaohsiung, Taiwan; National Pingtung University of Science and Technology, Dept. of Management Information Systems, Ping
International conference
Shanghai
English
276-280
2010-06-22 (date first put online on the Wanfang platform, not the paper's publication date)