MineSpider: Extracting URLs from Environment-Dependent Drive-by Download Attacks

Yuta Takata, Mitsuaki Akiyama, Takeshi Yagi, Takeo Hariu, Shigeki Goto

    Research output: Chapter in Book/Report/Conference proceedingConference contribution

    5 Citations (Scopus)

    Abstract

    Drive-by download attacks force users to automatically download and install malware by redirecting them to malicious URLs that exploit vulnerabilities of the user's web browser. Attackers profile the information on the user's environment such as the name and version of the browser and browser plugins and launch a drive-by download attack on only certain targets by changing the destination URL. When malicious content detection and collection techniques such as honey clients are used that do not match the specific environment of the attack target, they cannot detect the attack because they are not redirected. We propose here a method to exhaustively analyze Java Script code relevant to redirections and to extract the destination URLs in the code. Our method facilitates the detection of attacks by extracting a large number of URLs while controlling the analysis overhead by excluding code not relevant to redirections. We implemented our method in a browser emulator called Mine Spider that automatically extracts potential URLs from websites. We validated it by using communication data with malicious websites captured during a three-year period. The experimental results demonstrated that Mine Spider extracted 30,000 new URLs from websites in a few seconds that existing techniques missed.

    Original languageEnglish
    Title of host publicationProceedings - International Computer Software and Applications Conference
    PublisherIEEE Computer Society
    Pages444-449
    Number of pages6
    Volume2
    ISBN (Print)9781467365635
    DOIs
    Publication statusPublished - 2015 Sep 21
    Event39th IEEE Annual Computer Software and Applications Conference, COMPSAC 2015 - Taichung, Taiwan, Province of China
    Duration: 2015 Jul 12015 Jul 5

    Other

    Other39th IEEE Annual Computer Software and Applications Conference, COMPSAC 2015
    CountryTaiwan, Province of China
    CityTaichung
    Period15/7/115/7/5

      Fingerprint

    Keywords

    • Code analysis
    • Drive-by download
    • Honeyclient
    • Program slicing

    ASJC Scopus subject areas

    • Computer Science Applications
    • Software

    Cite this

    Takata, Y., Akiyama, M., Yagi, T., Hariu, T., & Goto, S. (2015). MineSpider: Extracting URLs from Environment-Dependent Drive-by Download Attacks. In Proceedings - International Computer Software and Applications Conference (Vol. 2, pp. 444-449). [7273652] IEEE Computer Society. https://doi.org/10.1109/COMPSAC.2015.76