MineSpider: Extracting URLs from Environment-Dependent Drive-by Download Attacks

Yuta Takata, Mitsuaki Akiyama, Takeshi Yagi, Takeo Hariu, Shigeki Goto

    研究成果: Conference contribution

    9 被引用数 (Scopus)

    抄録

    Drive-by download attacks force users to automatically download and install malware by redirecting them to malicious URLs that exploit vulnerabilities of the user's web browser. Attackers profile the information on the user's environment such as the name and version of the browser and browser plugins and launch a drive-by download attack on only certain targets by changing the destination URL. When malicious content detection and collection techniques such as honey clients are used that do not match the specific environment of the attack target, they cannot detect the attack because they are not redirected. We propose here a method to exhaustively analyze Java Script code relevant to redirections and to extract the destination URLs in the code. Our method facilitates the detection of attacks by extracting a large number of URLs while controlling the analysis overhead by excluding code not relevant to redirections. We implemented our method in a browser emulator called Mine Spider that automatically extracts potential URLs from websites. We validated it by using communication data with malicious websites captured during a three-year period. The experimental results demonstrated that Mine Spider extracted 30,000 new URLs from websites in a few seconds that existing techniques missed.

    本文言語English
    ホスト出版物のタイトルProceedings - International Computer Software and Applications Conference
    出版社IEEE Computer Society
    ページ444-449
    ページ数6
    2
    ISBN(印刷版)9781467365635
    DOI
    出版ステータスPublished - 2015 9月 21
    イベント39th IEEE Annual Computer Software and Applications Conference, COMPSAC 2015 - Taichung, Taiwan, Province of China
    継続期間: 2015 7月 12015 7月 5

    Other

    Other39th IEEE Annual Computer Software and Applications Conference, COMPSAC 2015
    国/地域Taiwan, Province of China
    CityTaichung
    Period15/7/115/7/5

    ASJC Scopus subject areas

    • コンピュータ サイエンスの応用
    • ソフトウェア

    フィンガープリント

    「MineSpider: Extracting URLs from Environment-Dependent Drive-by Download Attacks」の研究トピックを掘り下げます。これらがまとまってユニークなフィンガープリントを構成します。

    引用スタイル