Detection of Malicious Servers for Preventing Client-Side Attacks

Khuda Bux; Muhammad Yousaf; Akhtar Hussain Jalbani; Komal Batool

doi:10.22581/muet1982.2101.20

Khuda Bux Institute of Systems Engineering, Riphah International University, Islamabad, Pakistan.
Muhammad Yousaf Institute of Systems Engineering, Riphah International University, Islamabad, Pakistan .
Akhtar Hussain Jalbani Department of IT, Quaid-e-Awam University of Engineering, Science and Technology, Nawabshah, Sindh, Pakistan.
Komal Batool Institute of Systems Engineering, Riphah International University, Islamabad, Pakistan .

DOI: https://doi.org/10.22581/muet1982.2101.20

Abstract

The number of client-side attacks is increasing day-by-day. These attacks are launched by using various methods like phishing, drive-by downloads, click-frauds, social engineering, scareware, and ransomware. To get more advantage with less exertion and time, the attackers are focus on the clients, rather than servers which are more secured as compared to the clients. This makes clients as an easy target for the attackers on the Internet. A number of systems/tools have been created by the security community with various functions for detection of client-side attacks. The discovery of malicious servers that launch the client side attacks can be characterized in two types. First to detect malicious servers with passive detection which is often signature based. Second to detect the malicious servers with active detection often with dynamic malware analysis. Current systems or tools have more focus on identifying malicious servers rather than preventing the clients from those malicious servers. In this paper, we have proposed a solution for the detection and prevention of malicious servers that use the Bro Intrusion Detection System (IDS) and VirusTotal API 2.0. The detected malicious link is then blocked at the gateway.