Detecting malicious activities with user-agent-based profiles
| DC Field | Value | Language |
|---|---|---|
| dc.contributor.author | Zhang, Yang | ko |
| dc.contributor.author | Mekky, Hesham | ko |
| dc.contributor.author | Zhang, Zhi-Li | ko |
| dc.contributor.author | Torres, Ruben | ko |
| dc.contributor.author | Lee, Sung-Ju | ko |
| dc.contributor.author | Tongaonkar, Alok | ko |
| dc.contributor.author | Mellia, Marco | ko |
| dc.date.accessioned | 2016-04-12T08:19:52Z | - |
| dc.date.available | 2016-04-12T08:19:52Z | - |
| dc.date.created | 2015-10-02 | - |
| dc.date.created | 2015-10-02 | - |
| dc.date.issued | 2015-09 | - |
| dc.identifier.citation | INTERNATIONAL JOURNAL OF NETWORK MANAGEMENT, v.25, no.5, pp.306 - 319 | - |
| dc.identifier.issn | 1055-7148 | - |
| dc.identifier.uri | http://hdl.handle.net/10203/203524 | - |
| dc.description.abstract | Hypertext transfer protocol (HTTP) has become the main protocol to carry out malicious activities. Attackers typically use HTTP for communication with command-and-control servers, click fraud, phishing and other malicious activities, as they can easily hide among the large amount of benign HTTP traffic. The user-agent (UA) field in the HTTP header carries information on the application, operating system (OS), device, and so on, and adversaries fake UA strings as a way to evade detection. Motivated by this, we propose a novel grammar-guided UA string classification method in HTTP flows. We leverage the fact that a number of standard' applications, such as web browsers and iOS mobile apps, have well-defined syntaxes that can be specified using context-free grammars, and we extract OS, device and other relevant information from them. We develop association heuristics to classify UA strings that are generated by non-standard' applications that do not contain OS or device information. We provide a proof-of-concept system that demonstrates how our approach can be used to identify malicious applications that generate fake UA strings to engage in fraudulent activities. | - |
| dc.language | English | - |
| dc.publisher | WILEY-BLACKWELL | - |
| dc.title | Detecting malicious activities with user-agent-based profiles | - |
| dc.type | Article | - |
| dc.identifier.wosid | 000360842100004 | - |
| dc.identifier.scopusid | 2-s2.0-84941176313 | - |
| dc.type.rims | ART | - |
| dc.citation.volume | 25 | - |
| dc.citation.issue | 5 | - |
| dc.citation.beginningpage | 306 | - |
| dc.citation.endingpage | 319 | - |
| dc.citation.publicationname | INTERNATIONAL JOURNAL OF NETWORK MANAGEMENT | - |
| dc.identifier.doi | 10.1002/nem.1900 | - |
| dc.contributor.localauthor | Lee, Sung-Ju | - |
| dc.contributor.nonIdAuthor | Zhang, Yang | - |
| dc.contributor.nonIdAuthor | Mekky, Hesham | - |
| dc.contributor.nonIdAuthor | Zhang, Zhi-Li | - |
| dc.contributor.nonIdAuthor | Torres, Ruben | - |
| dc.contributor.nonIdAuthor | Tongaonkar, Alok | - |
| dc.contributor.nonIdAuthor | Mellia, Marco | - |
| dc.type.journalArticle | Article | - |
- Appears in Collection
- CS-Journal Papers(저널논문)
- Files in This Item
- There are no files associated with this item.
This item is cited by other documents in WoS
| ⊙ Detail Information in WoSⓡ | Click to see |  |
| ⊙ Cited 5 items in WoS | Click to see citing articles in |  |
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.