DigitalWatering Hole Attack Detection Using Sequential Pattern

Authors

  • T. Subburaj Department of Computer Applications, Kalasalingam Academy of Research and Education, Krishnankoil - 626126, Tamilnadu, India
  • K. Suthendran Department of Information Technology, Kalasalingam Academy of Research and Education, Krishnankoil - 626126, Tamilnadu, India

DOI:

https://doi.org/10.13052/2245-1439.711

Keywords:

Watering hole, Relative confidence, Cyber attack, Sequence pattern, Phishing

Abstract

Internet plays a vital role in day to day communication, business transactions etc and thus unavoidable. But many of the users are lagging in using the same in a secured manner which increases the possibility of attack. In 2017, Attackers had targeted dozens of global banks with new malware.Watering hole attacks attempt to infect more than 100 organizations in 31 different countries. It is becoming very difficult to detect and prevent the cyber attacks, since new attacks are increasing day by day.Awatering hole attack is a computer attack in which the attacker aims to victim the kind of websites that the target group go to often and checks these websites for vulnerabilities. After that by injecting Java Script or HTMLredirects the victim to a separate site hosting the exploit code for the chosen vulnerability. In this paper, a novel method is proposed to detect the possibility of watering hole attack using support count and confidence of the sequence pattern mining. Further by analysing the website URL links, alarming the users about the watering hole attack.

 

Downloads

Download data is not yet available.

Author Biographies

T. Subburaj, Department of Computer Applications, Kalasalingam Academy of Research and Education, Krishnankoil - 626126, Tamilnadu, India

T. Subburaj is a Research Scholar in the Department of Computer Applications, Kalasalingam Academy of Research and Education, Krishnankoil, Tamilnadu, India, from 2016. He received his B. Sc in Computer science from Madurai Kamaraj University in 2003; his degree of Master of Computer Applications from Anna University in 2006 and his M.E. Computer Science and Engineering from Anna University in 2012. His current research areas include Distributed system and network security.

K. Suthendran, Department of Information Technology, Kalasalingam Academy of Research and Education, Krishnankoil - 626126, Tamilnadu, India

Suthendran Kannan received his B.E. Electronics and Communication Engineering from Madurai Kamaraj University in 2002; his M.E. Communication Systems from Anna University in 2006 and his Ph.D Electronics and Communication Engineering from Kalasalingam University in 2015. He was a Research and Development Engineer at Matrixview Technologies Private Limited, Chennai for a couple of years. He is now the Head, Cyber Forensics Research Laboratory and Associate Professor in Information Technology, Kalasalingam Academy of Research and Education. His current research interests include Cyber Security, Communication System, Signal Processing, Image Processing, etc.

References

Kirda, E., and Kruegel, C. (2005). Protecting users against phishing attacks with antiphish. In Computer Software and Applications Conference, 2005. COMPSAC 2005. 29th Annual International, 1, 517–524. IEEE.

Fette, I., Sadeh, N., and Tomasic, A. (2007). Learning to detect phishing emails. In Proceedings of the 16th international conference on World Wide Web 649–656. ACM.

Barraclough, P., and Sexton, G. (2015). Phishing website detection fuzzy system modelling. In Science and Information Conference (SAI), 2015 1384–1386. IEEE. London, UK, DOI:10.1109/SAI.2015.7237323

Zhang, J., Ou, Y., Li, D., and Xin, Y. (2012). A Prior-based Transfer Learning Method for the Phishing Detection. JNW, 7(8), 1201–1207.

Afroz, S., and Greenstadt, R. (2011, September). Phishzoo: Detecting phishing websites by looking at them. In Semantic Computing (ICSC), 2011 Fifth IEEE International Conference on 368–375. IEEE. DOI:10.1109/ICSC.2011.27

Mahmood Ali, M., and Rajamani, L. (2012). “APD: ARM Deceptive Phishing Detector System Phishing Detection in Instant Messengers Using Data Mining Approach”, In Global Trends in Computing and Communication Systems CCIS 269, 490–502.

Hamid, I. R. A., Abawajy, J., and Kim, T. H. (2013). Using feature selection and classification scheme for automating phishing email detection. Studies in Informatics and Control, 22(1), 61–70.

Na, S. Y., Kim, H., and Lee, D. H. (2014). Prevention schemes against phishing attacks on internet banking systems. International Journal of Advances in Soft Computing & Its Applications, 6(1), 1–5.

Subburaj, T., Suthendran, K., and Arumugam, S. (2017). “Statistical Approach to Trace the Source of Attack Based on the Variability in Data Flows”, In International Conference on Theoretical Computer Science and Discrete Mathematics, 392–400.

Subburaj T., and Suthendran, K. (2017). “Detection and Trace Back of DDoS Attack Based on Statistical Approach”, Journal of Advanced Research in Dynamical & Control Systems, 66–74.

Available at: https://krebsonsecurity.com/tag/watering-hole-attack/

Available at: http://www.symantec.com/connect/blogs/internet-explorer-zero-day-used-watering-hole-attack-qa

Available at: https://blog.pivotal.io/data-science-pivotal/case-studies/sequential-pattern-mining-approach-for-watering-hole-attack-detection-2

Available at: http://www.link-checker-pro.com/

Council on Foreign Relations Website Hit by Watering Hole Attack, “IE Zero-Day Exploit”. Threat posts the first stop for security news. 2012-12-29. Retrieved 2017-04-02.

Attackers target dozens of global banks with new malware. Symantec Security Response. Retrieved 2017-04-02.l

Available at: https://threatpost.com/researchers-find-blackenergy-apt-links-in-expetr-code/126662

Downloads

Published

2018-02-23

How to Cite

1.
Subburaj T, Suthendran K. DigitalWatering Hole Attack Detection Using Sequential Pattern. JCSANDM [Internet]. 2018 Feb. 23 [cited 2024 Nov. 25];7(1-2):1-12. Available from: https://journals.riverpublishers.com/index.php/JCSANDM/article/view/5267

Issue

Section

Articles