Automated Link Tracing for Classification of Malicious Websites in Malware Distribution Networks


Sang-Yong Choi, Chang Gyoon Lim, Yong-Min Kim, Journal of Information Processing Systems Vol. 15, No. 1, pp. 100-115, Feb. 2019  

DOI: 10.3745/JIPS.03.0107
Keywords: Auto Link Tracer, Drive-by Download, Malicious Website, MDN, Real Browser and Forward Proxy

Abstract

Malicious code distribution on the Internet is one of the most critical Internet-based threats, and distribution technology has evolved to bypass detection systems. As a new defense against the detection bypass technology of malicious attackers, this study proposes the automated tracing of malicious websites in a malware distribution network (MDN). The proposed technology extracts automated links and classifies websites into malicious and normal websites based on link structure. Even if attackers use a new distribution technology, website classification is possible as long as the connections are established through automated links. The use of a real web browser and proxy server enables an adequate response to attackers’ perception of analysis environments and evasion technology and prevents analysis environments from being infected by malicious code. The validity and accuracy of the proposed method for classification are verified using 20,000 links, 10,000 each from normal and malicious websites.


Cite this article
[APA Style]
Choi, S., Lim, C., & Kim, Y. (2019). Automated Link Tracing for Classification of Malicious Websites in Malware Distribution Networks. Journal of Information Processing Systems, 15(1), 100-115. DOI: 10.3745/JIPS.03.0107.

[IEEE Style]
S. Choi, C. G. Lim, Y. Kim, "Automated Link Tracing for Classification of Malicious Websites in Malware Distribution Networks," Journal of Information Processing Systems, vol. 15, no. 1, pp. 100-115, 2019. DOI: 10.3745/JIPS.03.0107.

[ACM Style]
Sang-Yong Choi, Chang Gyoon Lim, and Yong-Min Kim. 2019. Automated Link Tracing for Classification of Malicious Websites in Malware Distribution Networks. Journal of Information Processing Systems, 15, 1, (2019), 100-115. DOI: 10.3745/JIPS.03.0107.