Posted on 2016-07-01, 00:00, authored by Stefano Arseni
This research presents the first approach that leverages multidimensional characterization of exploit kits to build multi-class detectors. The approach is based on precise characterization of distinguishing aspects of multiple exploit kit families across three dimensions that mimic redirection, fingerprinting, and infection, the three crucial stages in exploit kit infection.
The different modules of our diversified approach are the following.
The first component will be responsible for the analysis of HTTP traffic generated by exploit kits. The second part of our detection system focuses on the files downloaded during the infection. The third and final part of our detection engine revolves around the landing page the victim is redirected to as a final stage of the infection process.