The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. ex. Some numerals are expressed as "XNUMX".
Copyrights notice
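Nowadays, the number of web-browser targeted attacks that lead users to adversaries' web sites and exploit web browser vulnerabilities is increasing, and a clarification of their methods and countermeasures is urgently needed. In this paper, we introduce the design and implementation of a new client honeypot for drive-by-download attacks that has the capacity to detect and investigate a variety of malicious web sites. On the basis of the problems of existing client honeypots, we enumerate the requirements of a client honeypot: 1) detection accuracy and variety, 2) collection variety, 3) performance efficiency, and 4) safety and stability. We improve our system with regard to these requirements. The key features of our developed system are stepwise detection focusing on exploit phases, multiple crawler processing, tracking of malware distribution networks, and malware infection prevention. Our evaluation of our developed system in a laboratory experiment and field experiment indicated that its detection variety and crawling performance are higher than those of existing client honeypots. In addition, our system is able to collect information for countermeasures and is secure and stable for continuous operation. We conclude that our system can investigate malicious web sites comprehensively and support countermeasures.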
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Mitsuaki AKIYAMA, Makoto IWAMURA, Yuhei KAWAKOYA, Kazufumi AOKI, Mitsutaka ITOH, "Design and Implementation of High Interaction Client Honeypot for Drive-by-Download Attacks" in IEICE TRANSACTIONS on Communications,
vol. E93-B, no. 5, pp. 1131-1139, May 2010, doi: 10.1587/transcom.E93.B.1131.
Abstract: Nowadays, the number of web-browser targeted attacks that lead users to adversaries' web sites and exploit web browser vulnerabilities is increasing, and a clarification of their methods and countermeasures is urgently needed. In this paper, we introduce the design and implementation of a new client honeypot for drive-by-download attacks that has the capacity to detect and investigate a variety of malicious web sites. On the basis of the problems of existing client honeypots, we enumerate the requirements of a client honeypot: 1) detection accuracy and variety, 2) collection variety, 3) performance efficiency, and 4) safety and stability. We improve our system with regard to these requirements. The key features of our developed system are stepwise detection focusing on exploit phases, multiple crawler processing, tracking of malware distribution networks, and malware infection prevention. Our evaluation of our developed system in a laboratory experiment and field experiment indicated that its detection variety and crawling performance are higher than those of existing client honeypots. In addition, our system is able to collect information for countermeasures and is secure and stable for continuous operation. We conclude that our system can investigate malicious web sites comprehensively and support countermeasures.
URL: https://global.ieice.org/en_transactions/communications/10.1587/transcom.E93.B.1131/_p
@ARTICLE{e93-b_5_1131,
author={Mitsuaki AKIYAMA and Makoto IWAMURA and Yuhei KAWAKOYA and Kazufumi AOKI and Mitsutaka ITOH},
journal={IEICE TRANSACTIONS on Communications},
title={Design and Implementation of High Interaction Client Honeypot for Drive-by-Download Attacks},
year={2010},
volume={E93-B},
number={5},
pages={1131-1139},
abstract={Nowadays, the number of web-browser targeted attacks that lead users to adversaries' web sites and exploit web browser vulnerabilities is increasing, and a clarification of their methods and countermeasures is urgently needed. In this paper, we introduce the design and implementation of a new client honeypot for drive-by-download attacks that has the capacity to detect and investigate a variety of malicious web sites. On the basis of the problems of existing client honeypots, we enumerate the requirements of a client honeypot: 1) detection accuracy and variety, 2) collection variety, 3) performance efficiency, and 4) safety and stability. We improve our system with regard to these requirements. The key features of our developed system are stepwise detection focusing on exploit phases, multiple crawler processing, tracking of malware distribution networks, and malware infection prevention. Our evaluation of our developed system in a laboratory experiment and field experiment indicated that its detection variety and crawling performance are higher than those of existing client honeypots. In addition, our system is able to collect information for countermeasures and is secure and stable for continuous operation. We conclude that our system can investigate malicious web sites comprehensively and support countermeasures.},
keywords={},
doi={10.1587/transcom.E93.B.1131},
ISSN={1745-1345},
month={May},}
TY - JOUR
TI - Design and Implementation of High Interaction Client Honeypot for Drive-by-Download Attacks
T2 - IEICE TRANSACTIONS on Communications
SP - 1131
EP - 1139
AU - Mitsuaki AKIYAMA
AU - Makoto IWAMURA
AU - Yuhei KAWAKOYA
AU - Kazufumi AOKI
AU - Mitsutaka ITOH
PY - 2010
DO - 10.1587/transcom.E93.B.1131
JO - IEICE TRANSACTIONS on Communications
SN - 1745-1345
VL - E93-B
IS - 5
JA - IEICE TRANSACTIONS on Communications
Y1 - May 2010
AB - Nowadays, the number of web-browser targeted attacks that lead users to adversaries' web sites and exploit web browser vulnerabilities is increasing, and a clarification of their methods and countermeasures is urgently needed. In this paper, we introduce the design and implementation of a new client honeypot for drive-by-download attacks that has the capacity to detect and investigate a variety of malicious web sites. On the basis of the problems of existing client honeypots, we enumerate the requirements of a client honeypot: 1) detection accuracy and variety, 2) collection variety, 3) performance efficiency, and 4) safety and stability. We improve our system with regard to these requirements. The key features of our developed system are stepwise detection focusing on exploit phases, multiple crawler processing, tracking of malware distribution networks, and malware infection prevention. Our evaluation of our developed system in a laboratory experiment and field experiment indicated that its detection variety and crawling performance are higher than those of existing client honeypots. In addition, our system is able to collect information for countermeasures and is secure and stable for continuous operation. We conclude that our system can investigate malicious web sites comprehensively and support countermeasures.
ER -