Show simple item record

An Analysis of Network Flow Records for Inferring Web Browser Redirection

dc.contributor.advisorCukier, Michelen_US
dc.contributor.authorHemingway, Frank Shawnen_US
dc.description.abstractLegitimate web browser redirection is often used to take users to web pages that have moved or to help users find the correct website when they have entered the web address incorrectly. Unfortunately, computer network attackers can use web browser redirection to manage malware-serving hosts and conceal their activity. An analysis of network flow records yields heuristics for flow size, flow duration, and inter-flow duration that indicate flows where web browser redirection is likely to have occurred. Results show that flows matching these redirection heuristics are indeed several times more likely to communicate with Internet hosts that have exhibited a history of malicious behavior. A network security administrator can thus filter large sets of network flow records to reveal flows most likely to contain web browser redirection. This capability reduces the sample space when looking for evidence of malicious activity targeting web browsers and contributes more generally to the expanding field of flow-based application recognition.en_US
dc.titleAn Analysis of Network Flow Records for Inferring Web Browser Redirectionen_US
dc.contributor.publisherDigital Repository at the University of Marylanden_US
dc.contributor.publisherUniversity of Maryland (College Park, Md.)en_US
dc.contributor.departmentElectrical Engineeringen_US
dc.subject.pqcontrolledComputer engineeringen_US
dc.subject.pqcontrolledComputer scienceen_US
dc.subject.pqcontrolledElectrical engineeringen_US
dc.subject.pquncontrolledGeneralized Extreme Valueen_US
dc.subject.pquncontrolledNetwork Flowsen_US
dc.subject.pquncontrolledWeb Browseren_US

Files in this item


This item appears in the following Collection(s)

Show simple item record