Study of Behavior-Based High Speed Visit/Inspection Technology to Detect Malicious Websites

Conference paper
Part of the Lecture Notes in Electrical Engineering book series (LNEE, volume 215)

Abstract

While the Web provides much convenience and many people all over the world use it almost every day, it is often misused as a medium for distributing malware without users’ knowledge. Special care is particularly needed with regard to Websites that are popular with users, since their infection with malware can greatly extend the scope of any damage. Damage caused by malware can be minimized by detecting malicious sites and taking the necessary countermeasures early on. As attack techniques have been evolving, including the abuse of unknown vulnerabilities and the application of detection evasion technology, the advancement of detection technology is urgently required. Leading methods of inspecting the malware concealed in websites include low interaction Web crawling detection, which is fast but dependent upon the signature, and high interaction behavior-based detection, which offers a wide detection range and enables the detection of unknown attacks, although it is somewhat slow. This paper proposes a technology that can visit and quickly inspect large websites to more accurately detect unknown attacks and detection-evading attacks.

Notes

Acknowledgments

This research was supported by the Korea Communications Commission (KCC), Korea, under the R&D program supervised by the Korea Communications Agency (KCA)”(KCA-2012-(10912-06001)).

References

  1. 1.
    Jamie R (2008) Server honeypot vs. client honeypot. The Honeynet project. http://www.honeynet.org/node/158. Accessed Aug 2008
  2. 2.
    Ikinci A, Holz T, Freiling F (2008) Monkey-spider: detecting malicious websites with low-interaction honeyclients. In: Proceedings of Sicherheit, Schutz und Zuverl, April 2008Google Scholar
  3. 3.
    Wang Y, Beck D, Jiang X, Roussev R, Verbowski C, Chen S, King S (2006) Automated web patrol with strider honeymonkeys: finding web sites that exploit browser vulnerabilities. In: 13th annual network and distributed system security symposium. Internet Society, San DieGoogle Scholar
  4. 4.
    New Zealand Honeynet Project Capture-HPC—capture—the high interaction client honeypot. http://www.nz-honeynet.org/capture.html
  5. 5.
    Kim BI, Cheong JI, Cheong HC Study of search keyword based automatic malware collection systemGoogle Scholar
  6. 6.
    Kim BI Study of automatic collection of malware distributed through SNS. ISSN 1738-611XGoogle Scholar

Copyright information

© Springer Science+Business Media Dordrecht 2013

Authors and Affiliations

  1. 1.Team of Security R&D Korea Internet and Security Agency (KISA) SeoulSeoulKorea

Personalised recommendations