Maroofi et al., 2020 - Google Patents
Comar: Classification of compromised versus maliciously registered domainsMaroofi et al., 2020
View PDF- Document ID
- 3489169072741430864
- Author
- Maroofi S
- Korczyński M
- Hesselman C
- Ampeau B
- Duda A
- Publication year
- Publication venue
- 2020 IEEE European Symposium on Security and Privacy (EuroS&P)
External Links
Snippet
Miscreants abuse thousands of domain names every day by launching large-scale attacks such as phishing or malware campaigns. While some domains are solely registered for malicious purposes, others are benign but get compromised and misused to serve malicious …
- 230000001010 compromised 0 title abstract description 89
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1491—Countermeasures against malicious traffic using deception as countermeasure, e.g. honeypots, honeynets, decoys or entrapment
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
- G06F21/563—Static detection by source code analysis
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1458—Denial of Service
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/145—Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1483—Countermeasures against malicious traffic service impersonation, e.g. phishing, pharming or web spoofing
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/552—Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/554—Detecting local intrusion or implementing counter-measures involving event detection and direct action
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Maroofi et al. | Comar: Classification of compromised versus maliciously registered domains | |
| Gupta et al. | A novel approach for phishing URLs detection using lexical based machine learning in a real-time environment | |
| Zhauniarovich et al. | A survey on malicious domains detection through DNS data analysis | |
| Oest et al. | Inside a phisher's mind: Understanding the anti-phishing ecosystem through phishing kit analysis | |
| US11483343B2 (en) | Phishing detection system and method of use | |
| Rao et al. | CatchPhish: detection of phishing websites by inspecting URLs | |
| Sadiq et al. | A review of phishing attacks and countermeasures for internet of things‐based smart business applications in industry 4.0 | |
| Catakoglu et al. | Automatic extraction of indicators of compromise for web applications | |
| Marchal et al. | Proactive discovery of phishing related domain names | |
| Akiyama et al. | HoneyCirculator: distributing credential honeytoken for introspection of web-based attack cycle | |
| Fung et al. | Intrusion detection networks: a key to collaborative security | |
| Gandotra et al. | Improving spoofed website detection using machine learning | |
| Maroofi et al. | Are you human? resilience of phishing detection to evasion techniques based on human verification | |
| SatheeshKumar et al. | A lightweight and proactive rule-based incremental construction approach to detect phishing scam | |
| Akiyama et al. | Active credential leakage for observing web-based attack cycle | |
| Shukla et al. | HTTP header based phishing attack detection using machine learning | |
| Chen et al. | Efficient suspicious URL filtering based on reputation | |
| Birthriya et al. | A comprehensive survey of social engineering attacks: Taxonomy of attacks, prevention, and mitigation strategies | |
| Aljahdalic et al. | URL filtering using machine learning algorithms | |
| Marchal | DNS and semantic analysis for phishing detection | |
| Lee et al. | DGA-based malware detection using DNS traffic analysis | |
| Rahman et al. | Classification of spamming attacks to blogging websites and their security techniques | |
| Li | An empirical analysis on threat intelligence: Data characteristics and real-world uses | |
| Lee et al. | Beneath the phishing scripts: A script-level analysis of phishing kits and their impact on real-world phishing websites | |
| Fryer et al. | Malicious web pages: What if hosting providers could actually do something… |