TC: Small: Collaborative Research: Predictive Blacklisting for Detecting Phishing Attacks

TC：小型：协作研究：用于检测网络钓鱼攻击的预测性黑名单

• 批准号: 1018617
• 负责人: Minaxi Gupta
• 金额: $ 25万
• 依托单位: Indiana University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2010
• 资助国家: 美国
• 起止时间: 2010-08-01 至 2015-07-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1018617&HistoricalAwards=false
• 关键词: TC; Small; Collaborative; Research; Predictive

Internet fraud costs consumers and businesses billions of dollars each year. Through creative combinations of spam and social engineering, attackers regularly lure end users into visiting phishing sites, malware-hosting sites, and scam sites. One popular defense mechanism against Web-based attacks is blacklisting, but today's blacklists suffer from three fundamental deciencies. First, most of them employ a combination of Web crawling and human intervention to infer malicious sites. This adds an inherent delay in adding entries and causes many malicious sites to be missed. Second, blacklists are mostly based on exact URL strings, and hence unable to adapt to simple changes to the URLs that attackers are using today to evade detection. Third, as blacklist entries grow, matching them against URLs in real-time could create performance bottlenecks. To overcome these deficiencies, this project is developing novel mechanisms to aid in the construction, maintenance, and matching of blacklists in real time. Specifically, it is developing a scalable architecture that can discover new malicious websites by passively observing the onset of new techniques exploited by the miscreants, such as redirects and fast flux in network traffic. The architecture also leverages common attacker tendencies to find novel and automated ways of discovering new malicious URLs from existing blacklisted URLs. The final thrust of the project is on developing high-speed approximate matching algorithms for effective in-network blacklisting to match URLs embedded in packets against potentially millions of blacklist entries. If successful, this project will make the Web safer for millions of Internet users.

互联网欺诈每年给消费者和企业造成数十亿美元的损失。通过垃圾邮件和社会工程的创造性组合，攻击者经常诱使最终用户访问钓鱼网站、恶意软件托管网站和诈骗网站。 针对基于Web的攻击的一种流行的防御机制是黑名单，但今天的黑名单受到三个基本决定的影响。首先，他们中的大多数采用Web爬行和人工干预的组合来推断恶意站点。这增加了添加条目的固有延迟，并导致错过许多恶意网站。其次，黑名单大多基于精确的URL字符串，因此无法适应攻击者今天用来逃避检测的URL的简单更改。 第三，随着黑名单条目的增长，将它们与URL实时匹配可能会产生性能瓶颈。为了克服这些缺陷，该项目正在开发新的机制，以帮助真实的建立、维护和匹配黑名单。具体来说，它正在开发一种可扩展的架构，可以通过被动地观察歹徒利用的新技术的开始来发现新的恶意网站，例如网络流量中的重定向和快速流量。 该架构还利用常见的攻击者倾向来寻找从现有的黑名单URL中发现新的恶意URL的新颖和自动化的方法。该项目的最终目标是开发高速近似匹配算法，用于有效的网络内黑名单，以将嵌入在数据包中的URL与潜在的数百万个黑名单条目进行匹配。 如果成功，该项目将使数百万互联网用户的网络更加安全。