
Detection of Drive-by Download Attacks Using Machine Learning Approach

Authors

  • Monther Aldwairi (Jordan University of Science and Technology, Department of Network Engineering and Security, Irbid, Jordan)
  • Musaab Hasan (Zayed University, College of Technological Innovation, Abu Dhabi, U.A.E)
  • Zayed Balbahaith (Zayed University, College of Technological Innovation, Abu Dhabi, U.A.E)

Abstract

Drive-by download refers to attacks that automatically download malware to a user's computer without the user's knowledge or consent. This type of attack is accomplished by exploiting vulnerabilities in web browsers and plugins. The damage may include data leakage leading to financial loss. Traditional antivirus and intrusion detection systems are not efficient against such attacks. Researchers have proposed plenty of detection approaches, mostly passive blacklisting. However, a few proposed dynamic classification techniques, which suffer from clear shortcomings. In this paper, we propose a novel approach to detect drive-by download infected web pages based on features extracted from their source code. We test 23 different machine learning classifiers using a data set of 5435 webpages and, based on the detection accuracy, we selected the top five to build our detection model. The approach is expected to serve as a base for implementing and developing anti drive-by download programs. We develop a graphical user interface program to allow the end user to examine the URL before visiting the website. The Bagged Trees classifier exhibited the highest accuracy of 90.1% and reported a 96.24% true positive rate and a 26.07% false positive rate.

Suggested Citation

  • Monther Aldwairi & Musaab Hasan & Zayed Balbahaith, 2017. "Detection of Drive-by Download Attacks Using Machine Learning Approach," International Journal of Information Security and Privacy (IJISP), IGI Global, vol. 11(4), pages 16-28, October.
  • Handle: RePEc:igg:jisp00:v:11:y:2017:i:4:p:16-28

    Download full text from publisher

    File URL: http://services.igi-global.com/resolvedoi/resolve.aspx?doi=10.4018/IJISP.2017100102
    Download Restriction: no


    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.