Journal of Emerging Technologies in Web Intelligence Contents

More documents

Recommendations

Info

154 JOURNAL OF EMERGING TECHNOLOGIES IN WEB INTELLIGENCE, VOL. 2, NO. 2, MAY 2010now enter via the Web and IBM Internet Security Systems(ISS) estimates that nearly 100% of Web attacks nowutilize obfuscated JavaScript as a very effective techniqueto bypass antivirus and intrusion prevention.Today, once a PC is infected with stealth malware, ittypically opens two-way communications to a “commandand control” (C&C) server to establish a channel back tothe cyber criminal. This allows the “bot” (as in “robotcomputer”) to report status as well as any valuableinformation that is immediately accessible. Groups ofthese remotely controlled, malware-infected computersare commonly called botnets, and serve as the foundationof most cybercrime on the Internet.How do victims get infected? A user may be drawn bya phishing e-mail to a Web site hosted on a hijackedserver, which serves up a browser exploit; this downloadsand installs a bot on the user’s PC. The bot thendownloads more malware like “keyloggers” that silentlyrecord keyboard and mouse activities to execute furthercriminal activities, such as stealing user credentials andcapturing other sensitive information. All of this takesplace without the knowledge of the user or administrator.As their prevalence has increased, remote-controlmalware/botnets have become serious concerns forsecurity administrators.The recent January, 2009 malware-related data thefts atHeartland Payment Systems and earlier malwareRecent Research[14] Has Found:11 % of the world’s computers are enmeshed in at leastone botnet23 % of home computers become infected despite havingsecurity enabled72 % of corporate networks larger than 100 PC’s have aninfectioninfiltrations at Hannaford Supermarkets, University ofFlorida Medical Center, and NASA underscore theescalating threat of malware-related data breaches. TheIdentity Theft Resource Center, a nonprofit group focusedon understanding and preventing identity theft, reportedthat 656 known security breaches had taken place in 2008,reflecting a 47 percent increase over 2007’s total. As ofMarch 17, 2009 the resource center had already reported110 breaches in 2009.V. STEALTH MALWARE ATTACKS ARE OUTMANEUVERINGCONVENTIONAL DEFENSESDefending corporate networks from today’s malwarerelateddata thefts requires modern protection that goesbeyond current signature- and heuristic-based detectiontechniques. Modern threats exploit the inability ofconventional network protection to provide a unifieddefense against a criminal who attacks on multiple fronts,from OS and browser vulnerabilities to social engineering.The anachronistic concept of detecting infections with asingle technique, such as signatures, has left manybusinesses and consumers open to attack, despite theirdeployment of antivirus and IPS (intrusion preventionsystems). The sheer volume and escalating danger ofmodern attacks are overwhelming limited IT resourcesand outmaneuvering conventional defenses that mayalready be in place. To enable a more efficient IT securityprocess, accurate and timely identification of infectedmachines is the first step in preventing malware-relateddata breaches. And, the only viable solutions are thosethat provide thorough coverage across the many vectorsthat are used in attacks.VI. CONVENTIONAL APPROACHES FAIL TO PROTECTAGAINST WEB THREATSWeb threat scanning has specific requirements that arenot met by the traditional approach to virus scanning.Conventional antivirus software installed on clientmachines, for example, while crucial to the protection ofthese machines from a variety of threats, does notadequately protect against the evolving set of Web threats.One reason is that the conventional approach to virusprotection involves collecting samples of viruses,developing patterns, and quickly distributing thesepatterns to users. Because many Web threats are targetedattacks and span many variants, collecting samples isalmost impossible.The large numbers of variants use multiple deliveryvehicles (for example, spam, instant messaging, and Websites), rendering the conventional sample collection,pattern creation, and deployment process insufficient.Another reason that conventional virus detectionprocesses fall short involves a fundamental differencebetween these viruses and evolving Web threats.Conventional viruses were fundamentally designed tospread as quickly as possible, and were therefore ofteneasy to spot. With the advent of Web threats, malware hasevolved from this outbreak model to stealthy “sleeper”infections that are therefore difficult to detect viaconventional antivirus techniques.Recovering from infections also presents newchallenges. In some cases, Web threats may result in asystem infection that is so extensive (for example, via arootkit in which the system file is replaced) thatconventional uninstall or system cleaning approachesbecome useless. Infected systems often require a completesystem recovery, in which the hard drive is wiped and theoperating system, applications, and user data arereinstalled.VII. FUTURE WORKA New Approach Is Needed: Integrated, Multi-Layered Protection - Clearly, users need a newapproach to addressing Web threats that complementsexisting techniques.The most effective approach willemploy multiple layers of protection and incorporate arange of protective measures. In addition, the evolvingnature of the threat necessitates some form of informationfeedback and integration, in which information gatheredin one portion of the protection network is used to updateinformation in other layers. Any effective approach© 2010 ACADEMY PUBLISHER
JOURNAL OF EMERGING TECHNOLOGIES IN WEB INTELLIGENCE, VOL. 2, NO. 2, MAY 2010 155should also address all relevant protocols, because Webthreats leverage multiple protocols in their attacks, inparticular email as the initial delivery mechanism and theWeb as the threat host. However, other mechanisms canalso help perpetrate attacks such as links in IM andinfected files.Coordinating measures requires efficient, centralizedmanagement of region-specific expertise to help addressthe regional, and even localized nature of many of thethreats. The key to effectively addressing Web threats is amulti-layered approach. The network points arecategorized in four different layers (see Figure 2): 1) “inthe-cloud”(i.e. before the traffic reaches the Internetgateway), 2) at the Internet gateway, 3) across the networkservers, 4) and at the endpoint (for example, the client). Inthe below example, the description uses the points in thenetwork for high level organization and describes theprotocol protection and security technologies that can bedeployed at these points. The subsections on protocolprotection and security technologies describe emailsolutions first, which is often the first step in a Web threatattack, followed by Web solutions that directly protectWeb usage.A multi-layered approach is needed to protect againstthe broad range of Web threatsDNA of an Ideal Solution:Dynamic, real-time detection of threat: Finds thelatest stealth, 0-day attacksAccurate detection: No false positives, and no falsenegativesReturn on security investment: Easy to install,manage, support and scaleVIII. CONCLUSIONWeb threats are prevalent today and are growing innumbers and impact. Their complexity, large number ofvariants, and use of multiple vectors, combined with theirexploitation of the most commonly used medium today -the Web - make Web threats the most challenging threatthat consumers, businesses, and services providers, havefaced in a long time.Potential costs associated with these threats includeconfidential information leakage and theft of networkresources, with the adverse impact of erosion ofcustomers, trust, and brand reputation; regulatory andlegal implications; negative public relations; and loss ofcompetitive advantage. Because conventional approachesfail to protect against Web threats, the informationsecurity industry is at a crossroads. Businesses of all sizes,as well as service providers, need to deploy solutions viaan integrated, multi-layered approach to provide real-time,comprehensive protection against these threats.REFERENCES1. Gregg Keizer, Computerworld, August 19, 2007, “Identityattack spreads; 1.6M records stolen from Monster.com,”http://computerworld.com/action/article.do?command=viewArticleBasic&articleId=9031418&pageNumber=1.2. Dan Kaplan, SC Magazine, October 30, 2007, “FTC SpamContains Keylogging Trojan”,http://www.scmagazineus.com/FTC-spam-containskeylogging-trojan/article/58273/3. Paul F. Roberts, eWeek.com, December 16, 2005, “SpearPhishing Attack Targets Credit Unions,”http://www.eweek.com/article2/0,1895,1902896,00.asp.4. IDC, press release, July 18, 2006, “Private Internet Use byStaff Threatens IT Security in Danish Companies, SaysIDC,”http://www.idc.com/getdoc.jsp?containerId=pr2006_07_14_125434.5. Cara Garretson, NetworkWorld.com, January 11, 2006,“Spam that Delivers a Pink Slip”http://www.networkworld.com/news/2006/110106-spamspear-phishing.html6. Gregg Keizer, TechWeb Technology News, January 24, 2006,“Botnet Creator Pleads Guilty, Faces 25 Years,”http://www.techweb.com/wire/security/177103378.7. Marius Oiaga, Softpedia, October 4, 2006, “Hacking RussianTrio Gets 24 Years in Prison,”http://news.softpedia.com/news/Hacking-Russian-Trio-Gets-24-Years-in-Prison-37149.shtml.8. Byron Acohido and Jon Swartz, USA TODAY “Cybercrimeflourishes in online hacker forums,” October 11, 2006,http://www.usatoday.com/tech/news/computersecurity/infotheft/2006-10-11-cybercrime-hackerforums_x.htm.9. Police of the City of Munich, August 25, 2006,http://www.sueddeutsche.de/,tt3m3/muenchen/artikel/612/83529.10. Avivah Litan, “Phishing Attacks Escalate, Morph, and CauseConsiderable Damage,” Gartner, December 12, 2007.11. Tom Krazit, Cnet, “Two in three retail PCs are notebooks,”December 20, 2006,http://news.com.com/Two+in+three+retail+PCs+are+notebooks/2100-1044_3-6144921.html.12. Niels Provos, Dean McNamee, Panayiotis Mavrommatis, KeWang, and Nagendra Modadugu: The Ghost in the BrowserAnalysis of Web-based Malware, May 2007.13 David Barroso, ENISA Position Paper No. 3: Botnets – TheSilent Threat, November 2007,http://www.enisa.europa.eu/doc/pdf/deliverables/enisa_pp_botnets.pdf.14 Panda Security,http://www.pandasecurity.com/homeusers/media/pressreleases/viewnews?noticia=9077© 2010 ACADEMY PUBLISHER
Page 1 and 2:
Journal of Emerging Technologies in
Page 3 and 4:
JOURNAL OF EMERGING TECHNOLOGIES IN
Page 6 and 7:
82 JOURNAL OF EMERGING TECHNOLOGIES
Page 8 and 9:
Page 10 and 11:
Page 12 and 13:
Page 14 and 15:
Page 16 and 17:
Page 18 and 19:
Page 20 and 21:
Page 22 and 23:
Page 24 and 25:
100 JOURNAL OF EMERGING TECHNOLOGIE
Page 26 and 27:
102 JOURNAL OF EMERGING TECHNOLOGIE
Page 28 and 29: 104 JOURNAL OF EMERGING TECHNOLOGIE
Page 81 and 82: Aims and ScopeCall for Papers and S
show all

Journal of Emerging Technologies in Web Intelligence Contents

Create successful ePaper yourself

Delete template?

Save as template?