REdiREKT: Extracting Malicious Redirections from Exploit Kit Traffic

Research output: Chapter in Book/Report/Conference proceedingConference contribution

2 Downloads (Pure)

Abstract

This paper proposes REdiREKT, a system which utilises the open-source Zeek Intrusion Detection System (IDS) to map HTTP redirection chains observed in Exploit Kit (EK) attacks and extracts distinguishing features to assist machine learning (ML). We build a ground-truth dataset of EK samples, ensuring that the redirection chains for every sample are accurate and reusable in future experiments. By processing a unique combination of 9 redirection techniques, REdiREKT was able to correctly extract 96.52% of malicious domains from 1279 EK samples, spanning 28 families and 8 campaigns, and, only failed to extract 0.7% of malicious chains.

Using the VirusTotal API to filter out domains flagged as malicious, we build a benign dataset from the Alexa top 10k websites, extracting 12,783 domains from 5910 redirection chains. The malicious redirection data is divided into yearly and family-based categories and compared to the benign results. Based on our analysis of the collected data, we extract and store 48 key features from websites within the redirection chains that could aid future ML-based detection efforts. Finally, we evaluate the performance of REdiREKT, compare it with existing research, and, suggest use-cases and future areas of work.
Original languageEnglish
Title of host publication2020 IEEE Conference on Communications and Network Security (CNS): Proceedings
Publisher IEEE
Number of pages9
Publication statusAccepted - 03 May 2020
EventIEEE Conference on Communications and Network Security - Virtual, Avignon, France
Duration: 29 Jun 202001 Jul 2020
https://cns2020.ieee-cns.org/

Conference

ConferenceIEEE Conference on Communications and Network Security
Abbreviated titleCNS 2020
CountryFrance
CityAvignon
Period29/06/202001/07/2020
Internet address

Keywords

  • Exploit Kits
  • Web Security
  • Malware
  • Cyber-Security
  • Cloud Security

Fingerprint Dive into the research topics of 'REdiREKT: Extracting Malicious Redirections from Exploit Kit Traffic'. Together they form a unique fingerprint.

  • Cite this

    Burgess, J., Carlin, D., O'Kane, P., & Sezer, S. (Accepted/In press). REdiREKT: Extracting Malicious Redirections from Exploit Kit Traffic. In 2020 IEEE Conference on Communications and Network Security (CNS): Proceedings [1570641813] IEEE .