Sang-Yong Choi, Daehyeok Kim, Yong-Min Kim, Journal of Information Processing Systems Vol. 12, No. 3, pp. 422-435, Sep. 2016  

https://doi.org/10.3745/JIPS.03.0045
Keywords: Drive-by download, Malware Distribution Network, Webpage Link Analysis, Web security
Fulltext: PDF Full Text PubReader

Abstract

Despite the convenience brought by the advances in web and Internet technology, users are increasingly being exposed to the danger of various types of cyber attacks. In particular, recent studies have shown that today’s cyber attacks usually occur on the web via malware distribution and the stealing of personal information. A drive-by download is a kind of web-based attack for malware distribution. Researchers have proposed various methods for detecting a drive-by download attack effectively. However, existing methods have limitations against recent evasion techniques, including JavaScript obfuscation, hiding, and dynamic code evaluation. In this paper, we propose an emulation-based malicious webpage detection method. Based on our study on the limitations of the existing methods and the state-of-the-art evasion techniques, we will introduce four features that can detect malware distribution networks and we applied them to the proposed method. Our performance evaluation using a URL scan engine provided by VirusTotal shows that the proposed method detects malicious webpages more precisely than existing solutions.

Statistics
Cite this article