论文信息 - An Approach to Detect Drive-By Download by Observing the Web Page Transition Behaviors

An Approach to Detect Drive-By Download by Observing the Web Page Transition Behaviors

Drive-by download is one of the major threats to the Web infrastructure. It is triggered by user access to a malicious website and forces users to download malware by exploiting the vulnerabilities of web browsers or plug-ins. Since these malicious websites are ephemeral, it is difficult to keep pace with the emerging and disappearing of such websites. To detect and prevent such attacks, we implemented a framework that aims to detect and prevent drive-by download with users' voluntary monitoring of the web. In this paper, we propose an approach to detect and prevent drive-by download based on the characteristics of web page transition behaviors caused by malicious websites that force users to download malicious software. We evaluated our approach by using a dataset provided by The Anti Malware Engineering Workshop (MWS2013) as samples of malicious websites and web access data collected by a monitoring sensor in our framework. Our evaluation shows that our detection algorithm can accurately detect drive-by downloads if a series of transitions caused by drive-by downloads is completely conducted.

Ayumu Kubota | Takashi Matsunaka | Takahiro Kasama

[1] Ayumu Kubota,et al. Detecting and Preventing Drive-By Download Attack via Participative Monitoring of the Web , 2013, 2013 Eighth Asia Joint Conference on Information Security.

[2] Gianluca Stringhini,et al. Shady paths: leveraging surfing crowds to detect malicious web pages , 2013, CCS.

[3] Xuxian Jiang,et al. Automated Web Patrol with Strider HoneyMonkeys: Finding Web Sites That Exploit Browser Vulnerabilities , 2006, NDSS.

[4] Mitsuaki Akiyama,et al. Design and Implementation of High Interaction Client Honeypot for Drive-by-Download Attacks , 2010, IEICE Trans. Commun..

[5] Wenke Lee,et al. ARROW: GenerAting SignatuRes to Detect DRive-By DOWnloads , 2011, WWW.

[6] Niels Provos,et al. All Your iFRAMEs Point to Us , 2008, USENIX Security Symposium.

[7] Jack W. Stokes,et al. WebCop: Locating Neighborhoods of Malware on the Web , 2010, LEET.

[8] Markus Kammerstetter,et al. Vanity, cracks and malware: insights into the anti-copy protection ecosystem , 2012, CCS '12.

[9] Paolo Milani Comparetti,et al. EvilSeed: A Guided Approach to Finding Malicious Web Pages , 2012, 2012 IEEE Symposium on Security and Privacy.

[10] Koji Nakao,et al. A Framework for Countering Drive-by Download Attacks , 2011 .