Measuring Drive-by Download Defense in Depth

Boggs, Nathaniel Gordon; Du, Senyao; Stolfo, Salvatore

Defense in depth is vital, as no single security product detects all of today’s attacks. To design defense in depth, organizations rely on best practices and isolated product reviews, with no way to determine the marginal benefit of additional security products. We propose empirically testing security products’ detection rates by linking multiple pieces of data, such as network traffic, executable files, and an email, to the attack that generated all the data. This allows us to directly compare diverse security products and to compute the increase in total detection rate gained by adding a security product to a defense in depth strategy, not just its standalone detection rate. This approach provides an automated means of evaluating risks and the security posture of alternative security architectures. We perform an experiment implementing this approach for real drive-by download attacks found in a real-time email spam feed and compare over 40 security products and human click-through rates by linking email, URL, network content, and executable file attack data.




Also Published In

Research in Attacks, Intrusions and Defenses 17th International Symposium, RAID 2014, Gothenburg, Sweden, September 17-19, 2014, Proceedings

More About This Work

Academic Units
Computer Science
Published Here
July 15, 2015


Presented at the 17th International Symposium on Research in Attacks, Intrusions and Defenses; RAID 2014; 2014/09/17