Multi-Environment Analysis System for Evaluating the Impact of Malicious Web Sites Changing Their Behavior

Masami MOHRI

Paper on system development

IEICE TRANSACTIONS on Information and Systems   Vol.E100-D    No.10    pp.2449-2457
Publication Date: 2017/10/01
Publicized: 2017/07/21
Online ISSN: 1745-1361
DOI: 10.1587/transinf.2016OFK0001
Type of Manuscript: Special Section PAPER (Special Section on Advanced Log Processing and Office Information Systems)
drive-by download attack,  web site analysis,  multi-environment analysis,  forensic,  risk hedge,  

Full Text: PDF(1.2MB)>>
Buy this Article

In the case of drive-by download attacks, most malicious web sites identify the software environment of the clients and change their behavior. Then we cannot always obtain sufficient information appropriate to the client organization by automatic dynamic analysis in open services. It is required to prepare for expected incidents caused by re-accessing same malicious web sites from the other client in the organization. To authors' knowledge, there is no study of utilizing analysis results of malicious web sites for digital forensic on the incident and hedging the risk of expected incident in the organization. In this paper, we propose a system for evaluating the impact of accessing malicious web sites by using the results of multi-environment analysis. Furthermore, we report the results of evaluating malicious web sites by the multi-environment analysis system, and show how to utilize analysis results for forensic analysis and risk hedge based on actual cases of analyzing malicious web sites.

open access publishing via