FriSM: Malicious exploit kit detection via feature-based string-similarity matching

Abstract

Since an exploit kit (EK) was first developed, an increasing number of attempts has been made to infect users’ PCs by transmitting malware via EKs. To tackle such malware distribution, we propose herein an enhanced similarity-matching technique that determines whether the test sets are similar to the pattern sets in which the structural properties of EKs are defined. A key characteristic of our similarity-matching technique is that, unlike typical pattern-matching, it can detect isomorphic variants derived from EKs. In an experiment involving 36,950 datasets, our similarity-matching technique provides a TP rate of 99.9% and an FP rate of 0.001% with a performance of 0.003 s/page.

Cite

Kim, S., & Kang, B. B. H. (2018). FriSM: Malicious exploit kit detection via feature-based string-similarity matching. In Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST (Vol. 254, pp. 416–432). Springer Verlag. https://doi.org/10.1007/978-3-030-01701-9_23
