Unpatched System

The Experts below are selected from a list of 9 Experts worldwide ranked by ideXlab platform

Rana Omer - One of the best experts on this subject based on the ideXlab platform.

  • Prediction of drive-by download attacks on Twitter
    'Elsevier BV', 2019
    Co-Authors: Javed Amir, Burnap Pete, Rana Omer
    Abstract:

    The popularity of Twitter for information discovery, coupled with the automatic shortening of URLs to save space, given the 140 character limit, provides cybercriminals with an opportunity to obfuscate the URL of a malicious Web page within a tweet. Once the URL is obfuscated, the cybercriminal can lure a user to click on it with enticing text and images before carrying out a cyber attack using a malicious Web server. This is known as a drive-by download. In a drive-by download a user’s computer system is infected while interacting with the malicious endpoint, often without them being made aware the attack has taken place. An attacker can gain control of the system by exploiting unpatched system vulnerabilities and this form of attack currently represents one of the most common methods employed. In this paper we build a machine learning model using machine activity data and tweet metadata to move beyond post-execution classification of such URLs as malicious, to predict a URL will be malicious with 0.99 F-measure (using 10-fold cross-validation) and 0.833 (using an unseen test set) at 1 second into the interaction with the URL. Thus providing a basis from which to kill the connection to the server before an attack has completed and proactively blocking and preventing an attack, rather than reacting and repairing at a later date.

  • Real Time Prediction of Drive by Download Attacks on Twitter
    2017
    Co-Authors: Javed Amir, Burnap Pete, Rana Omer
    Abstract:

    The popularity of Twitter for information discovery, coupled with the automatic shortening of URLs to save space, given the 140 character limit, provides cyber criminals with an opportunity to obfuscate the URL of a malicious Web page within a tweet. Once the URL is obfuscated the cyber criminal can lure a user to click on it with enticing text and images before carrying out a cyber attack using a malicious Web server. This is known as a drive-by-download. In a drive-by-download a user's computer system is infected while interacting with the malicious endpoint, often without them being made aware the attack has taken place. An attacker can gain control of the system by exploiting unpatched system vulnerabilities and this form of attack currently represents one of the most common methods employed. In this paper, we build a machine learning model using machine activity data and tweet meta data to move beyond post-execution classification of such URLs as malicious, to predict a URL will be malicious with 99.2% F-measure (using 10-fold cross validation) and 83.98% (using an unseen test set) at 1 second into the interaction with the URL. Thus providing a basis from which to kill the connection to the server before an attack has completed and proactively blocking and preventing an attack, rather than reacting and repairing at a later date. Comment: 17 page

Javed Amir - One of the best experts on this subject based on the ideXlab platform.

  • Prediction of drive-by download attacks on Twitter
    'Elsevier BV', 2019
    Co-Authors: Javed Amir, Burnap Pete, Rana Omer

  • Real Time Prediction of Drive by Download Attacks on Twitter
    2017
    Co-Authors: Javed Amir, Burnap Pete, Rana Omer

Burnap Pete - One of the best experts on this subject based on the ideXlab platform.

  • Prediction of drive-by download attacks on Twitter
    'Elsevier BV', 2019
    Co-Authors: Javed Amir, Burnap Pete, Rana Omer

  • Real Time Prediction of Drive by Download Attacks on Twitter
    2017
    Co-Authors: Javed Amir, Burnap Pete, Rana Omer

Amir Javed - One of the best experts on this subject based on the ideXlab platform.

  • Understanding malware behaviour in online social networks and predicting cyber attack
    2019
    Co-Authors: Amir Javed
    Abstract:

    The popularity of Twitter for information discovery, coupled with the automatic shortening of URLs to save space given the 280 character limit, provides cybercriminals with an opportunity to obfuscate the URL of a malicious Webpage within a tweet. Once the URL is obfuscated, the cybercriminal can lure a user into clicking on it with enticing text and images before carrying out a cyber attack using a malicious Web server. This is known as a drive-by download and has been reported to account for 48% of web-based attacks. In a drive-by download a user’s computer system is infected while interacting with the malicious endpoint, often without them being made aware the attack has taken place. An attacker can gain control of the system by exploiting unpatched system vulnerabilities, and this form of attack currently represents one of the most common methods employed. In order to counter drive-by download attacks on Twitter, this thesis contributes to the existing literature on detecting malware on online social networks by shifting the focus towards the effects of malware on user machines, and away from the malware signature and dynamic behaviour, which can be obfuscated. Initially we developed a drive-by download detection model for Twitter that was successful in classifying URLs into malicious and benign with an F-measure of 0.81 during training, and 0.71 while testing on an unseen dataset. The model was then extended into a predictive model that was able to predict whether the URL was pointing to a malicious Webpage with 0.99 F-measure (using 10-fold cross-validation) and 0.833 F-measure (using an unseen test set) at 1 second into the interaction with a URL. These provide a novel contribution with which it is possible to kill the connection to the server before an attack has completed - thus proactively blocking and preventing an attack, rather than reacting and repairing at a later date.
    This thesis also contributes to the broader literature on malware propagation by uncovering both social and content-based factors that aid in the propagation of a tweet containing a link to a malicious Web server. This was achieved by gathering data from seven different and diverse sporting events over a period of three years. The data were then analysed to answer questions including: why are certain Tweets retweeted more than others? is virality partly driven by psychological arousal? and, is the act of retweeting affected by the tweet content and the emotions it evokes? Experimental results showed a strong association towards content-driven features, such as emotions and the choice of words associated with emotions that were used to compose a tweet or create hashtags. Tweets that contain malicious links were associated with negative emotions, particularly the emotion fear, for their retweet likelihood (virality) and survival (longevity of propagation). Whereas, in tweets that were classified as benign, it was positive sentiment and high arousal emotions such as surprise that were associated with the size and survival of Web links.