MineSpider: Extracting URLs from Environment-Dependent Drive-by Download Attacks

Yuta Takata, Mitsuaki Akiyama, Takeshi Yagi, Takeo Hariu, Shigeki Goto

    Research output: Conference contribution

    10 Citations (Scopus)

    Abstract

    Drive-by download attacks force users to automatically download and install malware by redirecting them to malicious URLs that exploit vulnerabilities of the user's web browser. Attackers profile the information on the user's environment such as the name and version of the browser and browser plugins and launch a drive-by download attack on only certain targets by changing the destination URL. When malicious content detection and collection techniques such as honey clients are used that do not match the specific environment of the attack target, they cannot detect the attack because they are not redirected. We propose here a method to exhaustively analyze JavaScript code relevant to redirections and to extract the destination URLs in the code. Our method facilitates the detection of attacks by extracting a large number of URLs while controlling the analysis overhead by excluding code not relevant to redirections. We implemented our method in a browser emulator called MineSpider that automatically extracts potential URLs from websites. We validated it by using communication data with malicious websites captured during a three-year period. The experimental results demonstrated that MineSpider extracted 30,000 new URLs from websites in a few seconds that existing techniques missed.

    Original language: English
    Title of host publication: Proceedings - International Computer Software and Applications Conference
    Publisher: IEEE Computer Society
    Pages: 444-449
    Number of pages: 6
    2
    ISBN (Print): 9781467365635
    DOI
    Publication status: Published - Sep 21 2015
    Event: 39th IEEE Annual Computer Software and Applications Conference, COMPSAC 2015 - Taichung, Taiwan, Province of China
    Duration: Jul 1 2015 to Jul 5 2015

    Other

    Other: 39th IEEE Annual Computer Software and Applications Conference, COMPSAC 2015
    Country/Territory: Taiwan, Province of China
    City: Taichung
    Period: 15/7/1 to 15/7/5

    ASJC Scopus subject areas

    • Computer Science Applications
    • Software
