Abstract
Recent cyberattacks armed with various ICT (information and communication technology) techniques are becoming advanced, sophisticated and intelligent. In security research field and practice, it is a common and reasonable assumption that attackers are intelligent enough to discover security vulnerabilities of security defense mechanisms and thus avoid the defense systems’ detection and prevention activities. Web defacement attacks refer to a series of attacks that illegally modify web pages for malicious purposes, and are one of the serious ongoing cyber threats that occur globally. Detection methods against such attacks can be classified into either server-based approaches or client-based approaches, and there are pros and cons for each approach. From our extensive survey on existing client-based defense methods, we found a critical security vulnerability which can be exploited by intelligent attackers. In this paper, we report the security vulnerability in existing client-based detection methods with a fixed monitoring cycle and present novel intelligent on-off web defacement attacks exploiting such vulnerability. Next, we propose to use a random monitoring strategy as a promising countermeasure against such attacks, and design two random monitoring defense algorithms: (1) Uniform Random Monitoring Algorithm (URMA), and (2) Attack Damage-Based Random Monitoring Algorithm (ADRMA). In addition, we present extensive experiment results to validate our idea and show the detection performance of our random monitoring algorithms. According to our experiment results, our random monitoring detection algorithms can quickly detect various intelligent web defacement on-off attacks (AM1, AM2, and AM3), and thus do not allow huge attack damage in terms of the number of defaced slots when compared with an existing fixed periodic monitoring algorithm (FPMA).
Highlights
Web defacement attacks refer to a series of attacks that illegally modifies web pages in unauthorized manners for malicious purposes
We first reported that existing client-based web defacement detection methods with a fixed monitoring cycle can be vulnerable to intelligent on-off web defacement attacks
We proposed to use random monitoring defense strategy as a promising countermeasure against the intelligent on-off web defacement attacks by providing a probabilistic analysis on how such strategy can be effective in detecting on-off attacks
Summary
Web defacement attacks refer to a series of attacks that illegally modifies web pages in unauthorized manners for malicious purposes. Typical types of web defacement attacks vary from changing main images of websites to launching drive-by-download attacks that stealthily inject a malicious link into a web page through which malwares are automatically downloaded to web users’ devices which accessed the defaced web pages [3,4]. The latter type is more often reported because the attacker can construct a large-scale botnet that consists of compromised personal computers, laptops, smartphones, appliances, and Internet of Things (IoT) devices. Attackers can achieve their intended goals, such as launching distributed denial-of-service (DDoS) attacks to certain websites
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
