MineSpider: Extracting URLs from Environment-Dependent Drive-by Download Attacks

Yuta Takata, Mitsuaki Akiyama, Takeshi Yagi, Takeo Hariu, Shigeki Goto

    Research output: Chapter in Book/Report/Conference proceedingConference contribution

    10 Citations (Scopus)


    Drive-by download attacks force users to automatically download and install malware by redirecting them to malicious URLs that exploit vulnerabilities of the user's web browser. Attackers profile the information on the user's environment such as the name and version of the browser and browser plugins and launch a drive-by download attack on only certain targets by changing the destination URL. When malicious content detection and collection techniques such as honey clients are used that do not match the specific environment of the attack target, they cannot detect the attack because they are not redirected. We propose here a method to exhaustively analyze Java Script code relevant to redirections and to extract the destination URLs in the code. Our method facilitates the detection of attacks by extracting a large number of URLs while controlling the analysis overhead by excluding code not relevant to redirections. We implemented our method in a browser emulator called Mine Spider that automatically extracts potential URLs from websites. We validated it by using communication data with malicious websites captured during a three-year period. The experimental results demonstrated that Mine Spider extracted 30,000 new URLs from websites in a few seconds that existing techniques missed.

    Original languageEnglish
    Title of host publicationProceedings - International Computer Software and Applications Conference
    PublisherIEEE Computer Society
    Number of pages6
    ISBN (Print)9781467365635
    Publication statusPublished - 2015 Sept 21
    Event39th IEEE Annual Computer Software and Applications Conference, COMPSAC 2015 - Taichung, Taiwan, Province of China
    Duration: 2015 Jul 12015 Jul 5


    Other39th IEEE Annual Computer Software and Applications Conference, COMPSAC 2015
    Country/TerritoryTaiwan, Province of China


    • Code analysis
    • Drive-by download
    • Honeyclient
    • Program slicing

    ASJC Scopus subject areas

    • Computer Science Applications
    • Software


    Dive into the research topics of 'MineSpider: Extracting URLs from Environment-Dependent Drive-by Download Attacks'. Together they form a unique fingerprint.

    Cite this