ELPA: Emulation-Based Linked Page Map Analysis for the Detection of Drive-by Download Attacks


Sang-Yong Choi, Daehyeok Kim, Yong-Min Kim, Journal of Information Processing Systems Vol. 12, No. 3, pp. 422-435, Sep. 2016  

10.3745/JIPS.03.0045
Keywords: Drive-by download, Malware Distribution Network, Webpage Link Analysis, Web security
Fulltext:

Abstract

Despite the convenience brought by the advances in web and Internet technology, users are increasingly being exposed to the danger of various types of cyber attacks. In particular, recent studies have shown that today’s cyber attacks usually occur on the web via malware distribution and the stealing of personal information. A drive-by download is a kind of web-based attack for malware distribution. Researchers have proposed various methods for detecting a drive-by download attack effectively. However, existing methods have limitations against recent evasion techniques, including JavaScript obfuscation, hiding, and dynamic code evaluation. In this paper, we propose an emulation-based malicious webpage detection method. Based on our study on the limitations of the existing methods and the state-of-the-art evasion techniques, we will introduce four features that can detect malware distribution networks and we applied them to the proposed method. Our performance evaluation using a URL scan engine provided by VirusTotal shows that the proposed method detects malicious webpages more precisely than existing solutions.


Statistics
Show / Hide Statistics

Statistics (Cumulative Counts from November 1st, 2017)
Multiple requests among the same browser session are counted as one view.
If you mouse over a chart, the values of data points will be shown.




Cite this article
[APA Style]
Choi, S., Kim, D., & Kim, Y. (2016). ELPA: Emulation-Based Linked Page Map Analysis for the Detection of Drive-by Download Attacks. Journal of Information Processing Systems, 12(3), 422-435. DOI: 10.3745/JIPS.03.0045.

[IEEE Style]
S. Choi, D. Kim, Y. Kim, "ELPA: Emulation-Based Linked Page Map Analysis for the Detection of Drive-by Download Attacks," Journal of Information Processing Systems, vol. 12, no. 3, pp. 422-435, 2016. DOI: 10.3745/JIPS.03.0045.

[ACM Style]
Sang-Yong Choi, Daehyeok Kim, and Yong-Min Kim. 2016. ELPA: Emulation-Based Linked Page Map Analysis for the Detection of Drive-by Download Attacks. Journal of Information Processing Systems, 12, 3, (2016), 422-435. DOI: 10.3745/JIPS.03.0045.