WEKO3
-
RootNode
アイテム
Analyzing Spatial Structure of IP Addresses for Detecting Malicious Websites
https://ipsj.ixsq.nii.ac.jp/records/92712
https://ipsj.ixsq.nii.ac.jp/records/92712b59f104e-a5bd-4c28-bff8-03a55c688474
名前 / ファイル | ライセンス | アクション |
---|---|---|
![]() |
Copyright (c) 2013 by the Information Processing Society of Japan
|
|
オープンアクセス |
Item type | Journal(1) | |||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
公開日 | 2013-06-15 | |||||||||||||
タイトル | ||||||||||||||
タイトル | Analyzing Spatial Structure of IP Addresses for Detecting Malicious Websites | |||||||||||||
タイトル | ||||||||||||||
言語 | en | |||||||||||||
タイトル | Analyzing Spatial Structure of IP Addresses for Detecting Malicious Websites | |||||||||||||
言語 | ||||||||||||||
言語 | eng | |||||||||||||
キーワード | ||||||||||||||
主題Scheme | Other | |||||||||||||
主題 | [特集:Applications and the Internet in Conjunction with Main Topics of SAINT 2012] Web/Mail security, computer viruses, machine learning, IP address, drive-by-download attacks | |||||||||||||
資源タイプ | ||||||||||||||
資源タイプ識別子 | http://purl.org/coar/resource_type/c_6501 | |||||||||||||
資源タイプ | journal article | |||||||||||||
著者所属 | ||||||||||||||
Department of Computer Science and Engineering, Waseda University | ||||||||||||||
著者所属 | ||||||||||||||
Department of Computer Science and Engineering, Waseda University | ||||||||||||||
著者所属 | ||||||||||||||
NTT Network Technology Laboratories, NTT Corporation | ||||||||||||||
著者所属 | ||||||||||||||
Department of Computer Science and Engineering, Waseda University | ||||||||||||||
著者所属(英) | ||||||||||||||
en | ||||||||||||||
Department of Computer Science and Engineering, Waseda University | ||||||||||||||
著者所属(英) | ||||||||||||||
en | ||||||||||||||
Department of Computer Science and Engineering, Waseda University | ||||||||||||||
著者所属(英) | ||||||||||||||
en | ||||||||||||||
NTT Network Technology Laboratories, NTT Corporation | ||||||||||||||
著者所属(英) | ||||||||||||||
en | ||||||||||||||
Department of Computer Science and Engineering, Waseda University | ||||||||||||||
著者名 |
Daiki, Chiba
× Daiki, Chiba
× Kazuhiro, Tobe
× Tatsuya, Mori
× Shigeki, Goto
|
|||||||||||||
著者名(英) |
Daiki, Chiba
× Daiki, Chiba
× Kazuhiro, Tobe
× Tatsuya, Mori
× Shigeki, Goto
|
|||||||||||||
論文抄録 | ||||||||||||||
内容記述タイプ | Other | |||||||||||||
内容記述 | Web-based malware attacks have become one of the most serious threats that need to be addressed urgently. Several approaches that have attracted attention as promising ways of detecting such malware include employing one of several blacklists. However, these conventional approaches often fail to detect new attacks owing to the versatility of malicious websites. Thus, it is difficult to maintain up-to-date blacklists with information for new malicious websites. To tackle this problem, this paper proposes a new scheme for detecting malicious websites using the characteristics of IP addresses. Our approach leverages the empirical observation that IP addresses are more stable than other metrics such as URLs and DNS records. While the strings that form URLs or DNS records are highly variable, IP addresses are less variable, i.e., IPv4 address space is mapped onto 4-byte strings. In this paper, a lightweight and scalable detection scheme that is based on machine learning techniques is developed and evaluated. The aim of this study is not to provide a single solution that effectively detects web-based malware but to develop a technique that compensates the drawbacks of existing approaches. The effectiveness of our approach is validated by using real IP address data from existing blacklists and real traffic data on a campus network. The results demonstrate that our scheme can expand the coverage/accuracy of existing blacklists and also detect unknown malicious websites that are not covered by conventional approaches. ------------------------------ This is a preprint of an article intended for publication Journal of Information Processing(JIP). This preprint should not be cited. This article should be cited as: Journal of Information Processing Vol.21(2013) No.3 (online) DOI http://dx.doi.org/10.2197/ipsjjip.21.539 ------------------------------ |
|||||||||||||
論文抄録(英) | ||||||||||||||
内容記述タイプ | Other | |||||||||||||
内容記述 | Web-based malware attacks have become one of the most serious threats that need to be addressed urgently. Several approaches that have attracted attention as promising ways of detecting such malware include employing one of several blacklists. However, these conventional approaches often fail to detect new attacks owing to the versatility of malicious websites. Thus, it is difficult to maintain up-to-date blacklists with information for new malicious websites. To tackle this problem, this paper proposes a new scheme for detecting malicious websites using the characteristics of IP addresses. Our approach leverages the empirical observation that IP addresses are more stable than other metrics such as URLs and DNS records. While the strings that form URLs or DNS records are highly variable, IP addresses are less variable, i.e., IPv4 address space is mapped onto 4-byte strings. In this paper, a lightweight and scalable detection scheme that is based on machine learning techniques is developed and evaluated. The aim of this study is not to provide a single solution that effectively detects web-based malware but to develop a technique that compensates the drawbacks of existing approaches. The effectiveness of our approach is validated by using real IP address data from existing blacklists and real traffic data on a campus network. The results demonstrate that our scheme can expand the coverage/accuracy of existing blacklists and also detect unknown malicious websites that are not covered by conventional approaches. ------------------------------ This is a preprint of an article intended for publication Journal of Information Processing(JIP). This preprint should not be cited. This article should be cited as: Journal of Information Processing Vol.21(2013) No.3 (online) DOI http://dx.doi.org/10.2197/ipsjjip.21.539 ------------------------------ |
|||||||||||||
書誌レコードID | ||||||||||||||
収録物識別子タイプ | NCID | |||||||||||||
収録物識別子 | AN00116647 | |||||||||||||
書誌情報 |
情報処理学会論文誌 巻 54, 号 6, 発行日 2013-06-15 |
|||||||||||||
ISSN | ||||||||||||||
収録物識別子タイプ | ISSN | |||||||||||||
収録物識別子 | 1882-7764 |