Localisation of Attacks, Combating Browser-Based Geo-Information and IP Tracking Attacks.
Degree: 2017, Victoria University of Wellington
Accessing and retrieving users’ browser and network information is a common practice used by advertisers and many online services to deliver targeted ads and explicit improved services to users belonging to a particular group. They provide a great deal of information about a user’s geographical location, ethnicity, language, culture and general interests. However, in the same way these techniques have proven effective in advertising services, they can be used by attackers to launch targeted attacks against specific user groups. Targeted attacks have been proven more effective against user groups than their blind untargeted counterparts (e.g.spam, phishing). Their detection is more challenging as the detection tools need to be located within the targeted user group. This is one of the challenges faced by security researchers and organisations involved in the detection of new malware and exploits, using client honeypots. Client honeypots are detection systems used in the identification of malicious web sites. The client honeypot needs to mimic users in a pre-defined location, system, network and personality for which the malware is intended. The case is amplified by the use of Browser Exploit Packs/kits (BEPs), supporting these features. BEPs provide simplicity in deployment of targeted malicious web sites. They allow attackers to utilise specific geographical locations, network information, visit patterns or browser header information obtained from a visiting user to determine if a user should be subjected to an attack.
Malicious web sites that operate based on targeted techniques can disguise themselves as legitimate web sites and bypass detection. Benign content is delivered to attacker-specified users while avoiding delivery to suspicious systems such as well-known or possible subnets that may host client honeypots. A client honeypot deployed in a single location with a single IP address will fail to detect an attack targeted at users in different demographic and network subnets. Failure in detection of such attacks results in high rates of false negatives which affect all honeypots regardless of detection technique or interaction level. BEPs are hugely popular and most include tracking features. The number of malicious web sites that utilise these features is currently unknown. There are very few studies that have addressed identifying the rate and number of malicious web sites utilising these techniques and no available client honeypot system is currently able to detect them. Any failure to detect these web sites will result in unknown numbers of users being exploited and infected with malware. The false negatives resulting from failing to detect these web sites can incorrectly be interpreted as a decline in the number of attacks.
In this work, a study of information that can potentially expose users to targeted attack through a browser is examined through experimental analysis. Concrete approaches by attackers to obtain user-specific information in the deployment of targeted attacks through browsers are…
Advisors/Committee Members: Welch, Ian.
Subjects/Keywords: Geolocation Attacks; HAZOP; Client Honeypots; Browser Based Attacks; IP Tracking; Browser Exploit Kits; YALIH; Localized Attacks; Targeted attacks; Honeypots; Honey clients; Hazard and Operability
…Malicious web sites that operate based on geo-information, IP tracking
and browser header… …behind targeted attacks from an attacker’s
perspective and system or browser attributes which… …attacks directed at end user browsers
and focuses on related work in the area of browser and… …malware based
geolocation attacks. Existing client honeypot systems are classified, reviewed and… …events within a
community and personalizing attacks based on those information significantly…
to Zotero / EndNote / Reference
APA (6th Edition):
Mansoori, M. (2017). Localisation of Attacks, Combating Browser-Based Geo-Information and IP Tracking Attacks. (Doctoral Dissertation). Victoria University of Wellington. Retrieved from http://hdl.handle.net/10063/6567
Chicago Manual of Style (16th Edition):
Mansoori, Masood. “Localisation of Attacks, Combating Browser-Based Geo-Information and IP Tracking Attacks.” 2017. Doctoral Dissertation, Victoria University of Wellington. Accessed January 15, 2021.
MLA Handbook (7th Edition):
Mansoori, Masood. “Localisation of Attacks, Combating Browser-Based Geo-Information and IP Tracking Attacks.” 2017. Web. 15 Jan 2021.
Mansoori M. Localisation of Attacks, Combating Browser-Based Geo-Information and IP Tracking Attacks. [Internet] [Doctoral dissertation]. Victoria University of Wellington; 2017. [cited 2021 Jan 15].
Available from: http://hdl.handle.net/10063/6567.
Council of Science Editors:
Mansoori M. Localisation of Attacks, Combating Browser-Based Geo-Information and IP Tracking Attacks. [Doctoral Dissertation]. Victoria University of Wellington; 2017. Available from: http://hdl.handle.net/10063/6567