Detecting client-side e-banking fraud using a heuristic model

Similar documents
LASTLINE WHITEPAPER. Large-Scale Detection of Malicious Web Pages

Secure all the things with graphs and predictive analytics

Machine Learning with MATLAB David Willingham Application Engineer

Application of Data Mining based Malicious Code Detection Techniques for Detecting new Spyware

2.0. Specification of HSN 2.0 JavaScript Static Analyzer

Introduction to Data Mining

Detection of Malicious URLs by Correlating the Chains of Redirection in an Online Social Network (Twitter)

Automatic Detection for JavaScript Obfuscation Attacks in Web Pages through String Pattern Analysis

Prophiler: A Fast Filter for the Large-Scale Detection of Malicious Web Pages

Prediction of Heart Disease Using Naïve Bayes Algorithm

The Power of Obfuscation Techniques in Malicious JavaScript Code: A Measurement Study

Protect Your Business and Customers from Online Fraud

A Content based Spam Filtering Using Optical Back Propagation Technique

Protection, Usability and Improvements in Reflected XSS Filters

CLASSIFYING NETWORK TRAFFIC IN THE BIG DATA ERA

An Introduction to Data Mining

Detection. Perspective. Network Anomaly. Bhattacharyya. Jugal. A Machine Learning »C) Dhruba Kumar. Kumar KaKta. CRC Press J Taylor & Francis Croup

T : Classification as Spam or Ham using Naive Bayes Classifier. Santosh Tirunagari :

Internet Monitoring via DNS Traffic Analysis. Wenke Lee Georgia Institute of Technology

Transaction Anomaly Protection Stopping Malware At The Door. White Paper

Web application testing

Three types of messages: A, B, C. Assume A is the oldest type, and C is the most recent type.

SQL INJECTION IN MYSQL

Spam Detection A Machine Learning Approach

CYBER SCIENCE 2015 AN ANALYSIS OF NETWORK TRAFFIC CLASSIFICATION FOR BOTNET DETECTION

Feature Subset Selection in Spam Detection

MACHINE LEARNING & INTRUSION DETECTION: HYPE OR REALITY?

Web-Application Security

Detecting Obfuscated JavaScripts using Machine Learning

Fighting Advanced Threats

Universal XSS via IE8s XSS Filters

Introduction to Data Mining and Machine Learning Techniques. Iza Moise, Evangelos Pournaras, Dirk Helbing

SECURITY ADVISORY. December 2008 Barracuda Load Balancer admin login Cross-site Scripting

Botnets: The Advanced Malware Threat in Kenya's Cyberspace

MACHINE LEARNING BASICS WITH R

Spam Detection on Twitter Using Traditional Classifiers M. McCord CSE Dept Lehigh University 19 Memorial Drive West Bethlehem, PA 18015, USA

A Multi agent Scanner to Detect Stored XSS Vulnerabilities

Recurrent Patterns Detection Technology. White Paper

Decision Support System For A Customer Relationship Management Case Study

Defending Networks with Incomplete Information: A Machine Learning Approach. Alexandre

Removing Web Spam Links from Search Engine Results

BioCatch Fraud Detection CHECKLIST. 6 Use Cases Solved with Behavioral Biometrics Technology

Sandy. The Malicious Exploit Analysis. Static Analysis and Dynamic exploit analysis. Garage4Hackers

A Logistic Regression Approach to Ad Click Prediction

Social Media Mining. Data Mining Essentials

International Journal of Computer Science Trends and Technology (IJCST) Volume 3 Issue 3, May-June 2015

Machine Learning using MapReduce

Security of Web Applications and Browsers: Challenges and Solutions

Networks and Security Lab. Network Forensics

Spam Filtering using Naïve Bayesian Classification

Monitoring Web Browsing Habits of User Using Web Log Analysis and Role-Based Web Accessing Control. Phudinan Singkhamfu, Parinya Suwanasrikham

Deposit Identification Utility and Visualization Tool

Data Mining Part 5. Prediction

AUTO CLAIM FRAUD DETECTION USING MULTI CLASSIFIER SYSTEM

WEB PROTECTION. Features SECURITY OF INFORMATION TECHNOLOGIES


Detecting Spam Bots in Online Social Networking Sites: A Machine Learning Approach

Applying machine learning techniques to achieve resilient, accurate, high-speed malware detection

FSOEP Web Banking & Fraud: Corporate Treasury Attacks

Detection of DOM-based Cross-Site Scripting by Analyzing Dynamically Extracted Scripts

Spam Filtering based on Naive Bayes Classification. Tianhao Sun

Integrating Web Application Security into the IT Curriculum

We are still vulnerable to clickjacking attacks: about 99% of Korean websites are dangerous

Detecting and Exploiting XSS with Xenotix XSS Exploit Framework

HTTPParameter Pollution. ChrysostomosDaniel

Top 10 Anti-fraud Tips: The Cybersecurity Breach Aftermath

On the Property of the Distribution of Symbols in SQL Injection Attack

Web Crawlers Detection

Malware Detection Module using Machine Learning Algorithms to Assist in Centralized Security in Enterprise Networks

MS1b Statistical Data Mining

Anti-Spam Filter Based on Naïve Bayes, SVM, and KNN model

Web Application Security

DON T FOLLOW ME: SPAM DETECTION IN TWITTER

Data Mining Algorithms Part 1. Dejan Sarka

Web Document Clustering

Bypassing NoScript Security Suite Using Cross-Site Scripting and MITM Attacks

EC-Council CAST CENTER FOR ADVANCED SECURITY TRAINING. CAST 619 Advanced SQLi Attacks and Countermeasures. Make The Difference CAST.

CSE 473: Artificial Intelligence Autumn 2010

WEBSENSE SECURITY SOLUTIONS OVERVIEW

Forecasting stock markets with Twitter

SOCIAL NETWORKS AND INFECTION MODEL

WE KNOW IT BEFORE YOU DO: PREDICTING MALICIOUS DOMAINS Wei Xu, Kyle Sanders & Yanxin Zhang Palo Alto Networks, Inc., USA

How To Create A Spam Detector On A Web Browser

Keywords data mining, prediction techniques, decision making.

INTERNET MARKETING. SEO Course Syllabus Modules includes: COURSE BROCHURE

IMPROVING SPAM FILTERING EFFICIENCY USING BAYESIAN BACKWARD APPROACH PROJECT

ARTIFICIAL INTELLIGENCE (CSCU9YE) LECTURE 6: MACHINE LEARNING 2: UNSUPERVISED LEARNING (CLUSTERING)

CS 558 Internet Systems and Technologies

Transcription:

Detecting client-side e-banking fraud using a heuristic model Tim Timmermans tim.timmermans@os3.nl Jurgen Kloosterman jurgen.kloosterman@os3.nl University of Amsterdam July 4, 2013 Tim Timmermans, Jurgen Kloosterman Research project 2. (1 of 21)

Introduction E-banking malware; Man-in-the-browser attack; Owns the browser; Not possible to detect malware with web techniques, i.e JavaScript. Tim Timmermans, Jurgen Kloosterman Research project 2. (2 of 21)

Normal banking web page Figure 1: Normal banking web page Tim Timmermans, Jurgen Kloosterman Research project 2. (3 of 21)

Malicious banking web page Figure 2: Malicious banking web page Tim Timmermans, Jurgen Kloosterman Research project 2. (4 of 21)

Research question To what extend is it possible to detect maliciously injected code into a web page using a heuristic model in order to counteract fraud and what is the performance of such technique in terms of accuracy and execution time? Tim Timmermans, Jurgen Kloosterman Research project 2. (5 of 21)

Current Solutions Pattern recognition; Cannot detect injections from unknown malware. Tim Timmermans, Jurgen Kloosterman Research project 2. (6 of 21)

Related Work CaffeineMonkey: a method to analyse and detect malicious JavaScript (Feinstein et. al.); Prophiler: a filter to examine millions of web pages for malicious content (Canali, Davide, et al.); Zozzle: a low-overhead solution that applies Bayesian analysis to detect JavaScript malware in the browser (Curtsinger, Charlie, et al.). Tim Timmermans, Jurgen Kloosterman Research project 2. (7 of 21)

Approach (1) Supervised machine learning; Labeling of benign and malicious pages Server-side detection mechanism; Goal: detect injections from unknown malware and difficult to bypass. Tim Timmermans, Jurgen Kloosterman Research project 2. (8 of 21)

Approach (2) Figure 3: Normal interaction with an e-banking web site. Tim Timmermans, Jurgen Kloosterman Research project 2. (9 of 21)

Approach (3) Figure 4: Overview of fraud detection implementation. Tim Timmermans, Jurgen Kloosterman Research project 2. (10 of 21)

Model overview Figure 5: Overview of the fraud detection model. Tim Timmermans, Jurgen Kloosterman Research project 2. (11 of 21)

Method: feature extraction Brief selection of features that are identified: iframes; inline styles; hidden elements; input fields; (obfuscated) Javascript; external Javascript, stylesheets and images. Figure 6: Feature extraction component A total of 26 relevant features are identified from HTML, Javascript and URLs Tim Timmermans, Jurgen Kloosterman Research project 2. (12 of 21)

Method: preprocessor Transforms the feature data to a vector as input for the classifier; Assigns a maliciousness score based on the extracted URL features. Figure 7: Preprocessor component Tim Timmermans, Jurgen Kloosterman Research project 2. (13 of 21)

Method: classifier Naïve Bayes learning algorithm Two components Trainer; Classification. Figure 8: Classifier components Tim Timmermans, Jurgen Kloosterman Research project 2. (14 of 21)

Classifier: trainer Train the classifier on manual labeled malicious and benign pages. Figure 9: Classifier - trainer component Tim Timmermans, Jurgen Kloosterman Research project 2. (15 of 21)

Classifier: classification Classifies an unknown page against the training set using the Bayes theorem; Result consists of a probability between 0 and 100% for each class. Figure 10: Classifier - classification Tim Timmermans, Jurgen Kloosterman Research component project 2. (16 of 21)

Results: performance Mean execution time to classify an unknown page: 0.176 seconds. Figure 11: Execution time performance Tim Timmermans, Jurgen Kloosterman Research project 2. (17 of 21)

Results: accuracy 90% accuracy reached with 32.000 instances in the training set. Figure 12: Accuracy measurements Tim Timmermans, Jurgen Kloosterman Research project 2. (18 of 21)

Results: model validation Experiment to validate the developed model: 1 Train classifier on page adapter by Zeus malware; 2 Classify a page adapted by Citadel malware. Result: classified as malicious with a probability of 100%. Tim Timmermans, Jurgen Kloosterman Research project 2. (19 of 21)

Conclusion Classifier reaches an accuracy of 90% given the used dataset (needs validation with more complete set); The developed model is able to counteract fraud, caused by (unknown) malware; Classification process of a web page is performed with a mean of 0.176 seconds; Improvement of the model may lower impact on resources and optimizing executing time. Tim Timmermans, Jurgen Kloosterman Research project 2. (20 of 21)

References Feinstein, Ben, Daniel Peck, and I. SecureWorks. Caffeine monkey: Automated collection, detection and analysis of malicious javascript. Black Hat USA 2007 (2007). Canali, Davide, et al. Prophiler: a fast filter for the large-scale detection of malicious web pages. Proceedings of the 20th international conference on World wide web. ACM, 2011. Curtsinger, Charlie, et al. ZOZZLE: Fast and Precise In-Browser JavaScript Malware Detection. USENIX Security Symposium. 2011. Tim Timmermans, Jurgen Kloosterman Research project 2. (21 of 21)

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information