DocumentCode :
3718757
Title :
DbDHunter: An ensemble-based anomaly detection approach to detect drive-by download attacks
Author :
Mehran Jodavi;Mahdi Abadi;Elham Parhizkar
Author_Institution :
Department of Electrical and Computer Engineering, Tarbiat Modares University, Tehran, Iran
fYear :
2015
Firstpage :
273
Lastpage :
278
Abstract :
Drive-by download attacks, typically implemented in JavaScript, are among the most common attack vectors in recent years. To confront these attacks, several anomaly detection techniques have been proposed. These techniques are able to detect previously unseen drive-by download attacks, but they often produce many false alarms, which makes them difficult to use in practice. In this paper, we address this problem by presenting DbDHunter, a novel ensemble-based anomaly detection approach to detect drive-by download attacks. It is motivated by the observation that the detection performance of an ensemble composed of multiple base classifiers tends to be better than that of any single member. DbDHunter constructs an initial ensemble of one-class classifiers and applies a binary particle swarm optimization algorithm, called SwarmSnips, to the ensemble to find a near-optimal sub-ensemble for classifying web pages as benign or malicious. To combine the outputs of the one-class classifiers in the sub-ensemble, DbDHunter uses a specific ordered weighted averaging operator, called the SIOWA operator. The results of our experiments on a dataset of benign and malicious web pages show that DbDHunter can achieve about a 96.3% detection rate, a 1.8% false alarm rate, and 97% accuracy.
Keywords :
Yttrium
Publisher :
ieee
Conference_Titel :
Computer and Knowledge Engineering (ICCKE), 2015 5th International Conference on
Type :
conf
DOI :
10.1109/ICCKE.2015.7365841
Filename :
7365841