Detecting the Onset of Infection for Secure Hosts

Abstract. Software flaws in applications such as a browser may be exploited by attackers to launch drive-by-download (DBD) attacks, which have become the major vector of malware infection. We describe a host-based detection approach against DBDs that correlates the behaviors of the human user with file-system activity. Our approach involves capturing the keyboard and mouse inputs of a user and correlating these input events with file-downloading events. We describe a real-time monitoring system called DeWare that is capable of accurately detecting the onset of malware infection by identifying illegal download-and-execute patterns. Analysis based on the arrival methods of the top 100 malware families infecting the most systems found that 53% of infections are through download [1]. In another study, 450,000 out of 4.5 million URLs were found to contain drive-by-download exploits, which may be introduced through advertisements, third-party content, and user-contributed content [2]. Drive-by-download (DBD) attacks e...
Kui Xu, Qiang Ma, Danfeng (Daphne) Yao
Added 30 Jan 2011
Updated 30 Jan 2011
Type Journal
Year 2010
Where RAID
Authors Kui Xu, Qiang Ma, Danfeng (Daphne) Yao