Sang-Yong Choi
Automated Link Tracing for Classification of Malicious Websites in Malware Distribution Networks
Sang-Yong Choi, Chang Gyoon Lim and Yong-Min Kim
Page: 100~115, Vol. 15, No.1, 2019
10.3745/JIPS.03.0107
Keywords: Auto Link Tracer, Drive-by Download, Malicious Website, MDN, Real Browser and Forward Proxy
ELPA: Emulation-Based Linked Page Map Analysis for the Detection of Drive-by Download Attacks
Sang-Yong Choi, Daehyeok Kim and Yong-Min Kim
Page: 422~435, Vol. 12, No.3, 2016
10.3745/JIPS.03.0045
Keywords: Drive-by Download, Malware Distribution Network, Webpage Link Analysis, Web Security
Automated Link Tracing for Classification of Malicious Websites in Malware Distribution Networks
Malicious code distribution on the Internet is one of the most critical Internet-based threats and distribution technology has evolved to bypass detection systems. As a new defense against the detection bypass technology of malicious attackers, this study proposes the automated tracing of malicious websites in a malware distribution network (MDN). The proposed technology extracts automated links and classifies websites into malicious and normal websites based on link structure. Even if attackers use a new distribution technology, website classification is possible as long as the connections are established through automated links. The use of a real web-browser and proxy server enables an adequate response to attackers’ perception of analysis environments and evasion technology and prevents analysis environments from being infected by malicious code. The validity and accuracy of the proposed method for classification are verified using 20,000 links, 10,000 each from normal and malicious websites.
ELPA: Emulation-Based Linked Page Map Analysis for the Detection of Drive-by Download Attacks
Despite the convenience brought by the advances in web and Internet technology, users are increasingly being exposed to the danger of various types of cyber attacks. In particular, recent studies have shown that today’s cyber attacks usually occur on the web via malware distribution and the stealing of personal information. A drive-by download is a kind of web-based attack for malware distribution. Researchers have proposed various methods for detecting a drive-by download attack effectively. However, existing methods have limitations against recent evasion techniques, including JavaScript obfuscation, hiding, and dynamic code evaluation. In this paper, we propose an emulation-based malicious webpage detection method. Based on our study on the limitations of the existing methods and the state-of-the-art evasion techniques, we will introduce four features that can detect malware distribution networks and we applied them to the proposed method. Our performance evaluation using a URL scan engine provided by VirusTotal shows that the proposed method detects malicious webpages more precisely than existing solutions.