Browse > Article
http://dx.doi.org/10.6109/jkiice.2016.20.7.1290

Enhanced Method for Preventing Malware by Detecting of Injection Site  

Baek, Jaejong (Information and Communication School, Naval Education and Training Command)
Publication Information
Journal of the Korea Institute of Information and Communication Engineering / v.20, no.7, 2016 , pp. 1290-1295 More about this Journal
Abstract
Recently, as mobile internet usage has been increasing rapidly, malware attacks through user's web browsers has been spreading in a way of social engineering or drive-by downloading. Existing defense mechanism against drive-by download attack mainly focused on final download sites and distribution paths. However, detection and prevention of injection sites to inject malicious code into the comprised websites have not been fully investigated. In this paper, for the purpose of improving defense mechanisms against these malware downloads attacks, we focus on detecting the injection site which is the key source of malware downloads spreading. As a result, in addition to the current URL blacklist techniques, we proposed the enhanced method which adds features of detecting the injection site to prevent the malware spreading. We empirically show that the proposed method can effectively minimize malware infections by blocking the source of the infection spreading, compared to other approaches of the URL blacklisting that directly uses the drive-by browser exploits.
Keywords
Malware; Malicious Code; Drive-by Download; Injection Site; Social Engineering Attack; Hacking;
Citations & Related Records
연도 인용수 순위
  • Reference
1 The Register' article. [Internet]. Available : http://www.theregister.co.uk/2016/03/09/trend_micro_ransomware_iot_threat_rise/
2 Boan news's article [Internet]. Available: http://www.boannews.com/media/view.asp?idx=46385.
3 M. Antonakakis, et al., "Detecting Malware Domains at the Upper DNS Hierarchy," In USENIX Security, vol. 11. pp. 1-16, 2011.
4 P. Vadrevum et al., "Measuring and detecting malware downloads in live network traffic," In ESORICS. pp. 556-573, 2013.
5 J. Nazario, et al., "A virtual client honeypot," In Proceedings of the 2nd USENIX Conference on LEET., vol 9, pp 911-919, 2009.
6 N. Provos, et al., "The ghost in the browser analysis of webbased malware," In Proceedings of the First Conference on First Workshop on HotBots, vol 7, pp 4-13, 2007.
7 H. Mekky, et al., "Detecting malicious http redirections using trees of user browsing activity," In INFOCOM, pp. 1159-1167, 2014.
8 S. Lee, et al., "A near real-time detection system for suspicious urls in twitter stream," IEEE Trans. Dependable Secur. Comput. vol. 10, no. 3, pp. 183-195, May 2013.   DOI
9 N. Terry, et al,. "WebWitness: Investigating, Categorizing, and Mitigating Malware Download Paths," In USENIX Security 15, pp. 1025-1040, 2015.
10 malware domains list. [Internet]. Available : http://mirror1.malwaredomains.com/files/immortal_domains.txt
11 sample malicious domain list. [Internet]. Available : https://zeustracker.abuse.ch/blocklist.php?download=domainblocklist