A Framework for Countering Drive-by Download Attacks

Recently, security incidents caused by drive-by download attacks (DBD attacks), which exploit vulnerabilities in a browser or its plug-ins to infect the user's machine with malware, have increased. Unlike a remote exploit attack, a DBD attack is triggered by the user accessing a malicious website. Therefore, a passive monitoring technique such as darknet monitoring can never grasp the threat of DBD attacks. In addition, because malicious websites tend to change their URLs at short intervals, the appearance of malicious websites must be detected quickly for countermeasures to be efficient. In this paper, we propose a novel framework for countering DBD attacks. In the proposed framework, we deploy sensors that work inside web browsers on a large scale. Each sensor collects web browsing information when a user accesses websites. We then analyze the collected information to quickly detect websites suspected of being manipulated or malicious.