MineSpider: Extracting hidden URLs behind evasive drive-by download attacks

Yuta Takata, Mitsuaki Akiyama, Takeshi Yagi, Takeo Hariu, Shigeki Goto

    研究成果: Article査読

    5 被引用数 (Scopus)

    抄録

    Drive-by download attacks force users to automatically download and install malware by redirecting them to malicious URLs that exploit vulnerabilities of the user's web browser. In addition, several evasion techniques, such as code obfuscation and environment-dependent redirection, are used in combination with drive-by download attacks to prevent detection. In environment-dependent redirection, attackers profile the information on the user's environment, such as the name and version of the browser and browser plugins, and launch a drive-by download attack on only certain targets by changing the destination URL. When malicious content detection and collection techniques, such as honeyclients, are used that do not match the specific environment of the attack target, they cannot detect the attack because they are not redirected. Therefore, it is necessary to improve analysis coverage while countering these adversarial evasion techniques. We propose a method for exhaustively analyzing JavaScript code relevant to redirections and extracting the destination URLs in the code. Our method facilitates the detection of attacks by extracting a large number of URLs while controlling the analysis overhead by excluding code not relevant to redirections. We implemented our method in a browser emulator called MineSpider that automatically extracts potential URLs from websites. We validated it by using communication data with malicious websites captured during a three-year period. The experimental results demonstrated that MineSpider extracted 30,000 new URLs from malicious websites in a few seconds that conventional methods missed.

    本文言語English
    ページ(範囲)860-872
    ページ数13
    ジャーナルIEICE Transactions on Information and Systems
    E99D
    4
    DOI
    出版ステータスPublished - 2016 4 1

    ASJC Scopus subject areas

    • 電子工学および電気工学
    • ソフトウェア
    • 人工知能
    • ハードウェアとアーキテクチャ
    • コンピュータ ビジョンおよびパターン認識

    フィンガープリント

    「MineSpider: Extracting hidden URLs behind evasive drive-by download attacks」の研究トピックを掘り下げます。これらがまとまってユニークなフィンガープリントを構成します。

    引用スタイル