Abstract
Drive-by download is the unintentional download of malware onto a user's system. Detecting a drive-by-download malware infection on a host is a challenging task because of the stealthy nature of the attack: the infection happens in the background, so the user of the system is not aware that it has occurred. Signature-based antivirus systems are not able to detect zero-day malware, and most existing detection is performed either by signature matching, by reverse engineering the binaries, or by running the binaries in a sandbox environment. In this paper, we propose a One Class SVM based supervised learning method to detect drive-by-download infection. The features comprise system RAM and CPU utilization details. The experimental setup used to collect data contains machine specifications matching four user profiles, namely Designer, Gamer, Normal User and Student. The experimental system proposed in this paper was evaluated using precision, recall and F-measure.
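To make the pipeline described in the abstract concrete, the following is an added example and not the paper's own code or data: it trains a one-class nu-SVM on constructed benign (CPU %, RAM %) readings that stand in for one user profile, scores held-out benign and infected readings, and reports precision, recall and F-measure with "infected" as the positive class. The SVM is a minimal pure-Python SMO solver for the Schölkopf nu-formulation with an RBF kernel; the feature ranges, the nu=0.05 and gamma=20 settings, and the assumption that an infection shows up as sustained high CPU and RAM are all assumptions made for this illustration, not values taken from the paper.

```python
"""One-class SVM over host resource-utilization samples (added example).

Assumptions (not from the paper): a feature vector is (cpu_pct, ram_pct),
the 'Normal User' profile is simulated with constructed uniform ranges, and
training uses only benign samples, as a one-class model requires.
"""
import math
import random


def rbf(a, b, gamma):
    """Gaussian kernel on two feature tuples."""
    return math.exp(-gamma * sum((p - q) ** 2 for p, q in zip(a, b)))


def scale(sample):
    """Map percentage readings onto [0, 1] so one gamma suits both features."""
    return tuple(v / 100.0 for v in sample)


class OneClassSVM:
    """nu-SVM fitted on benign samples; predict() returns 1 for 'consistent
    with the benign profile' and -1 for 'anomalous, possible infection'."""

    def __init__(self, nu=0.05, gamma=20.0, tol=1e-5, max_iter=20000):
        self.nu, self.gamma, self.tol, self.max_iter = nu, gamma, tol, max_iter
        self.support = []   # (alpha_i, x_i) pairs with alpha_i > 0
        self.rho = 0.0

    def fit(self, samples):
        X = [scale(s) for s in samples]
        n = len(X)
        C = 1.0 / (self.nu * n)            # box constraint 0 <= alpha_i <= C
        K = [[rbf(X[i], X[j], self.gamma) for j in range(n)] for i in range(n)]
        alpha = [1.0 / n] * n              # feasible start: sums to 1, inside the box
        g = [sum(K[i][j] * alpha[j] for j in range(n)) for i in range(n)]  # (K alpha)_i
        eps = 1e-9 * C
        for _ in range(self.max_iter):
            # Maximal-violating pair: shift mass from the highest-gradient point that
            # can shrink to the lowest-gradient point that can grow (sum stays 1).
            i = min((k for k in range(n) if alpha[k] < C - eps), key=g.__getitem__)
            j = max((k for k in range(n) if alpha[k] > eps), key=g.__getitem__)
            if g[j] - g[i] < self.tol:
                break
            eta = K[i][i] + K[j][j] - 2.0 * K[i][j]
            delta = (g[j] - g[i]) / eta if eta > 1e-12 else C
            delta = min(delta, C - alpha[i], alpha[j])
            alpha[i] += delta
            alpha[j] -= delta
            for k in range(n):
                g[k] += delta * (K[k][i] - K[k][j])
        # rho equals the gradient at any margin vector (0 < alpha < C).
        free = [g[k] for k in range(n) if eps < alpha[k] < C - eps]
        if free:
            self.rho = sum(free) / len(free)
        else:  # no margin vector: rho lies between bounded and zero-alpha gradients
            lo = max(g[k] for k in range(n) if alpha[k] > eps)
            hi = min((g[k] for k in range(n) if alpha[k] <= eps), default=lo)
            self.rho = (lo + hi) / 2.0
        self.support = [(alpha[k], X[k]) for k in range(n) if alpha[k] > eps]
        return self

    def decision_function(self, sample):
        x = scale(sample)
        return sum(a * rbf(sv, x, self.gamma) for a, sv in self.support) - self.rho

    def predict(self, sample):
        return 1 if self.decision_function(sample) >= 0 else -1


def evaluate(model, samples, infected_flags):
    """Precision, recall and F-measure, treating 'infected' as the positive class."""
    tp = fp = fn = tn = 0
    for sample, infected in zip(samples, infected_flags):
        flagged = model.predict(sample) == -1
        if flagged and infected:
            tp += 1
        elif flagged:
            fp += 1
        elif infected:
            fn += 1
        else:
            tn += 1
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    f_measure = 2 * precision * recall / (precision + recall) if precision + recall else 0.0
    return {"tp": tp, "fp": fp, "fn": fn, "tn": tn,
            "precision": precision, "recall": recall, "f_measure": f_measure}


def uniform_samples(rng, count, cpu_range, ram_range):
    """Constructed (cpu %, ram %) readings standing in for real host telemetry."""
    return [(rng.uniform(*cpu_range), rng.uniform(*ram_range)) for _ in range(count)]


def run_experiment(seed=7):
    rng = random.Random(seed)
    # Constructed 'Normal User' baseline: light CPU, moderate RAM (assumed ranges).
    train = uniform_samples(rng, 200, (5, 40), (30, 60))
    benign_test = uniform_samples(rng, 60, (5, 40), (30, 60))
    # Constructed infected behaviour: a background payload driving both readings up.
    infected_test = uniform_samples(rng, 20, (70, 95), (70, 95))
    model = OneClassSVM(nu=0.05, gamma=20.0).fit(train)
    result = evaluate(model, benign_test + infected_test,
                      [False] * len(benign_test) + [True] * len(infected_test))
    result["predict_benign_center"] = model.predict((22, 45))   # inside the profile
    result["predict_saturated"] = model.predict((90, 90))       # far outside it
    return result


if __name__ == "__main__":
    print(run_experiment())
```

The benign-only training is the point of the one-class choice: no infected traffic is needed to fit the model, and nu bounds the fraction of a profile's own readings that will be flagged, which is the knob that trades false positives against sensitivity when the same procedure is repeated per user profile.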
© 2017 Springer Nature Singapore Pte Ltd.
Poornachandran, P., Praveen, S., Ashok, A., Krishnan, M.R., Soman, K.P. (2017). Drive-by-Download Malware Detection in Hosts by Analyzing System Resource Utilization Using One Class Support Vector Machines. In: Satapathy, S., Bhateja, V., Udgata, S., Pattnaik, P. (eds) Proceedings of the 5th International Conference on Frontiers in Intelligent Computing: Theory and Applications. Advances in Intelligent Systems and Computing, vol 516. Springer, Singapore. https://doi.org/10.1007/978-981-10-3156-4_13
DOI: https://doi.org/10.1007/978-981-10-3156-4_13
Publisher Name: Springer, Singapore
Print ISBN: 978-981-10-3155-7
Online ISBN: 978-981-10-3156-4
eBook Packages: Engineering; Engineering (R0)