Abstract | ||
---|---|---|
Hypertext transfer protocol (HTTP) has become the main protocol to carry out malicious activities. Attackers typically use HTTP for communication with command-and-control servers, click fraud, phishing and other malicious activities, as they can easily hide among the large amount of benign HTTP traffic. The user-agent (UA) field in the HTTP header carries information on the application, operating system (OS), device, and so on, and adversaries fake UA strings as a way to evade detection. Motivated by this, we propose a novel grammar-guided UA string classification method in HTTP flows. We leverage the fact that a number of 'standard' applications, such as web browsers and iOS mobile apps, have well-defined syntaxes that can be specified using context-free grammars, and we extract OS, device and other relevant information from them. We develop association heuristics to classify UA strings that are generated by 'non-standard' applications that do not contain OS or device information. We provide a proof-of-concept system that demonstrates how our approach can be used to identify malicious applications that generate fake UA strings to engage in fraudulent activities. Copyright (c) 2015 John Wiley & Sons, Ltd. |
Attribute | Value |
---|---|
Year | 2015 |
DOI | 10.1002/nem.1900 |
Venue | INTERNATIONAL JOURNAL OF NETWORK MANAGEMENT |
Field | Phishing, Computer security, Computer science, Server, Computer network, Heuristics, Click fraud, Header, Malware, Hypertext Transfer Protocol, User agent |
DocType | Journal |
Volume | 25 |
Issue | 5 |
ISSN | 1055-7148 |
Citations | 2 |
PageRank | 0.41 |
References | 5 |
Authors | 7 |
Name | Order | Citations | PageRank |
---|---|---|---|
Yang Zhang | 1 | 34 | 5.55 |
Hesham Mekky | 2 | 30 | 5.07 |
Zhi Li Zhang | 3 | 87 | 5.86 |
Ruben Torres | 4 | 36 | 3.07 |
Sung-Ju Lee | 5 | 3511 | 278.11 |
Alok Tongaonkar | 6 | 241 | 14.88 |
Marco Mellia | 7 | 2748 | 204.65 |