Efficient Method for Analyzing Malicious Websites by Using Multi-Environment Analysis System

Title: Efficient Method for Analyzing Malicious Websites by Using Multi-Environment Analysis System
Publication Type: Conference Paper
Year of Publication: 2017
Authors: Hirotomo, M., Nishio, Y., Kamizono, M., Fukuta, Y., Mohri, M., Shiraishi, Y.
Conference Name: 2017 12th Asia Joint Conference on Information Security (AsiaJCIS)
Keywords: Browsers, Data analysis, data mining, Decoding, drive-by download attack, dynamic analysis, Electronic mail, Human Behavior, Internet, malicious Web sites, Malware, Metrics, multi-environment analysis, multienvironment analysis system, multimodal analysis, obfuscated javascript, obfuscation code decoding, pubcrawl, Relays, Resiliency, security of data, system monitoring, Uniform resource locators, Web Browser Security, Web client environments, Web sites
Abstract: The malicious websites used by drive-by download attacks change their behavior according to the web client environment. To analyze the behavior of malicious websites, single-environment analysis cannot obtain sufficient information. Hence, it is difficult to analyze the whole aspect of malicious websites. Also, code obfuscation and cloaking are used in malicious websites to prevent their behavior from being analyzed. In this paper, we propose an analysis method that combines decoding of the obfuscation code with dynamic analysis using a multi-environment analysis system in order to analyze the behavior of the malicious websites in detail. Furthermore, we present two approaches to improve the multi-environment analysis. The first one is automation of traffic log analysis to reduce the cost of analyzing huge traffic logs between the environments and malicious websites. The second one is multimodal analysis for finding the URL of malicious websites.
DOI: 10.1109/AsiaJCIS.2017.21
Citation Key: hirotomo_efficient_2017