FriSM: Malicious exploit kit detection via feature-based string-similarity matching
Since an exploit kit (EK) was first developed, an increasing number of attempts has been made to infect users’ PCs by transmitting malware via EKs. To tackle such malware distribution, we propose herein an enhanced similarity-matching technique that determines whether the test sets are similar to the pattern sets in which the structural properties of EKs are defined. A key characteristic of our similarity-matching technique is that, unlike typical pattern-matching, it can detect isomorphic variants derived from EKs. In an experiment involving 36,950 datasets, our similarity-matching technique provides a TP rate of 99.9% and an FP rate of 0.001% with a performance of 0.003 s/page.
- Publisher
- Springer Verlag
- Issue Date
- 2018-08
- Language
- English
- Citation
14th International EAI Conference on Security and Privacy in Communication Networks, SecureComm 2018, pp.416 - 432
- ISSN
- 1867-8211
- Appears in Collection
- CS-Conference Papers(학술회의논문)
- Files in This Item
- There are no files associated with this item.
This item is cited by other documents in WoS
| ⊙ Detail Information in WoSⓡ | Click to see |  |
| ⊙ Cited 3 items in WoS | Click to see citing articles in |  |
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.