Return to search

Hitch-hiking attacks in online social networks and their defense via malicious URL classification. / CUHK electronic theses & dissertations collection

近年來,網絡的犯罪數量一直在迅速增加。現在,惡意軟件作者編寫惡意程序竊取用戶的個人信息,或提供基於垃圾郵件的營銷服務為利潤的地方。為了更有效地傳播惡意軟件,黑客已經開始瞄準流行的在線社交網絡服務(SNS)的 SNS用戶和服務的互動性之間固有的信任關係。一種常見的攻擊方法是惡意軟件自動登錄使用偷來的 SNS用戶憑據,然後提供接觸/被盜的用戶帳戶的朋友名單,他們通過在一些短消息嵌入惡意 URL(鏈接)。受害人然後認為是他們的朋友提供的鏈接,按一下被感染。然而,這種方法是有效的,惡意軟件來模仿人類類似的行為,它可以超越任何一個/兩個班輪對話。在這篇論文中,我們首先介紹一個新類型的攻擊,提供惡意網址 SNS用戶之間的合法對話。為了證明其概念,我們設計和實施名為 Hitchbot惡意軟件[1],其中包括多個攻擊源,為實現我們所提出的攻擊。特別是,當一個 SNS用戶發送一個鏈接/ URL到他/她的朋友,Hitchbot悄悄地取代類似,但惡意攔截在幾個可能的點之一,互動式輸入/輸出鏈接系統。由於惡意鏈接在一些適當的對話上下文之間的合法用戶交付,這使得它更難以對受害者(以及吊具)來實現攻擊,從而可以大幅增加轉換率。這方法也使 Hitchbot的繞過大多數現有的防禦計劃,主要是靠對用戶的行為或流量異常檢測。 Hitchbot是基於客戶端模塊的形式可以順利上常見的社交網絡服務,包括雅虎和微軟的郵件客戶端和其他基於 Web瀏覽器,如 Facebook和 MySpace的社交網絡服務的加息。為量化 Hitchbot的效力,我們已經研究,交換和處理對 URL操作時用戶的行為。最後,我們研究通過自動在線分類 /識別惡意網址的可行性。尤其是不同類型的屬性/惡意 URL分類功能的有效性進行量化,從不同的惡意網址數據庫中獲得數據的基礎上,我們也考慮實時的準確性,嚴格的延遲要求影響和權衡需求的惡意網址分類。 / The number of cyber crimes has continued to increase rapidly in the recent years. It is now commonplace for malware authors to write malicious programs for prot by stealing user personal information or providing spam-based marketing services. In order to spread malware more effectively, hackers have started to target popular online social networking services (SNS) due to the inherent trust-relationship between the SNS users and the interactive nature of the services. A common attacking approach is for a malware to automatically login using stolen SNS user cre¬dentials and then deliver malicious URLs (links) to the people on the contact/friend-list of the stolen user account by embedding them in some short messages. The victim then gets infected by clicking on the links thought to be delivered by their friends. However, for this approach to be effective, the malware has to mimic human-like behavior which can be quite challenging for anything beyond one/two-liner conversations. In this thesis, we first introduce a new type of attacks called the social hitch-hiking attacks which use a stealthier way to deliver malicious URLs by hitch-hiking on legitimate conversations among SNS users. As a proof-of-concept, we have designed and implemented a malware named Hitchbot [1] which incorporates multiple attack vectors for the realization of our proposed social hitch-hiking attacks. In particular, when a SNS user sends a link/URL to his/her friends, Hitchbot quietly replaces it with a similar-looking, but malicious one by intercepting the link at one of the several pos¬sible points along the interactive-input/output chain of the system. Since the malicious link is delivered within some proper conversation context between the legitimate users, this makes it much more difficult for the victim (which is also the spreader) to realize the attack and thus can increase the conversion rate substantially. The hitch-hiking approach also enables Hitchbot to bypass most existing defense schemes which mainly rely on user-behavior or traffic anomaly detection. Hitchbot is in form of a client-based module which can hitch-hike on common social networking services including the Yahoo and Microsoft Messaging clients and other web-browser-based social-networking services such as Facebook and Myspace. To quantify the effectiveness of Hitchbot, we have studied the behavior of users in exchanging, handling and operating on URLs. Lastly, we study the feasibility of defending hitching-hiking attacks via automated online classification/identification of malicious URLs. In particular, the effectiveness of different types of attributes/features used in malicious URL classification are quantified based on a data obtained from various malicious URL databases. We also consider the implications and trade-offis of stringent latency requirement on the accuracy of real-time, on-demand malicious URL classifications. / Detailed summary in vernacular field only. / Lam, Ka Chun. / Thesis (M.Phil.)--Chinese University of Hong Kong, 2012. / Includes bibliographical references (leaves 43-48). / Electronic reproduction. Hong Kong : Chinese University of Hong Kong, [2012] System requirements: Adobe Acrobat Reader. Available via World Wide Web. / Abstracts also in Chinese. / Abstract --- p.i / Acknowledgement --- p.iv / Chapter 1 --- Introduction --- p.1 / Chapter 1.1 --- Background --- p.1 / Chapter 1.2 --- Organization --- p.4 / Chapter 2 --- Related Work --- p.6 / Chapter 2.1 --- Exploiting Social Networking Services --- p.6 / Chapter 2.1.1 --- Malware Spreading Channels in SNS --- p.7 / Chapter 2.1.2 --- Common Exploits on SNS platforms --- p.10 / Chapter 2.2 --- Recent defense mechanisms of Malware --- p.12 / Chapter 3 --- A New Class of Attacks via Social Hitch-hiking --- p.14 / Chapter 3.1 --- The Social Hitch-hiking Attack --- p.14 / Chapter 3.1.1 --- The Interactive User Input/Output Chain --- p.16 / Chapter 3.1.2 --- Four Attack Vectors --- p.17 / Chapter 4 --- Attack Evaluation and Measurement --- p.26 / Chapter 4.1 --- Comparison of Attack Vectors --- p.26 / Chapter 4.2 --- Attack Measurement --- p.27 / Chapter 4.3 --- Defense against Hitch-hiking Attacks --- p.29 / Chapter 5 --- Defense via Malicious URL Classification --- p.31 / Chapter 5.1 --- Methodology --- p.31 / Chapter 5.2 --- Attributes --- p.33 / Chapter 5.2.1 --- Lexical attributes --- p.34 / Chapter 5.2.2 --- Webpage content attributes --- p.34 / Chapter 5.2.3 --- Network attributes --- p.34 / Chapter 5.2.4 --- Host-based attributes --- p.35 / Chapter 5.2.5 --- Link popularity attributes --- p.36 / Chapter 5.3 --- Performance Evaluation and Discussions --- p.36 / Chapter 6 --- Conclusion and Future work --- p.41

Identiferoai:union.ndltd.org:cuhk.edu.hk/oai:cuhk-dr:cuhk_328103
Date January 2012
ContributorsLam, Ka Chun., Chinese University of Hong Kong Graduate School. Division of Information Engineering.
Source SetsThe Chinese University of Hong Kong
LanguageEnglish, Chinese
Detected LanguageEnglish
TypeText, bibliography
Formatelectronic resource, electronic resource, remote, 1 online resource (ix, 48 leaves) : ill. (some col.)
RightsUse of this resource is governed by the terms and conditions of the Creative Commons “Attribution-NonCommercial-NoDerivatives 4.0 International” License (http://creativecommons.org/licenses/by-nc-nd/4.0/)

Page generated in 0.003 seconds