Title page for etd-0110112-180904



URN etd-0110112-180904
Author Jhe-Jhun Huang
Author's Email Address lawrence4233@gmail.com
Statistics This thesis has been viewed 5353 times and downloaded 518 times.
Department Information Management
Year 2011
Semester 1
Degree Master
Type of Document
Language zh-TW.Big5 Chinese
Title Detecting Drive-by Download Based on Reputation System
Date of Defense 2011-12-28
Page Count 52
Keyword
  • Honeypot
  • Machine Learning
  • Drive-by Download
  • Reputation System
  • DNS
Abstract Drive-by download is a type of network attack that uses various techniques to plant malicious code on users' computers. It renders traditional intrusion detection systems and firewalls ineffective because those devices cannot detect web-based threats.

Many studies have proposed a crawler-based approach to discover drive-by download sites. However, the crawler-based approach cannot simulate real user browsing behavior when a drive-by download attack happens. Therefore, this study proposes a new approach that detects drive-by downloads by sniffing HTTP flows.

This study uses a reputation system to improve the efficiency of client honeypots, and adjusts the client honeypots to process the raw data of HTTP flows. In an experiment conducted in a real network environment, this study shows that the performance of a single client honeypot could reach an average of 560,000 successful HTTP access log entries per day. Even at peak traffic, this mechanism reduced the processing time to 22 hours, and detected drive-by download sites that users were actually browsing.

The reputation system in this study is applicable to a wide variety of domain names because it does not refer to the online WHOIS database. It builds a machine-learning classification model on 12 features. The correct classification rate of the reputation system applied in this study is 90.9%. Compared with other reputation system studies, this study extracts features not only from DNS A-Type but also from DNS NS-Type. The experimental results show that the error rate of the new features from DNS NS-Type is only 19.03%.
Advisory Committee
  • D. J. Guan - chair
  • Hui-Tang Lin - co-chair
  • Han-Wei Hsiao - co-chair
  • Chia-Mei Chen - advisor
Files
  • etd-0110112-180904.pdf
Access Indicate in-campus access at 5 years and off-campus access at 5 years.
Date of Submission 2012-01-10
