For Full-Text PDF, please login, if you are a member of IEICE,|
or go to Pay Per View on menu list, if you are a nonmember of IEICE.
Multi-Environment Analysis System for Evaluating the Impact of Malicious Web Sites Changing Their Behavior
Yoshiaki SHIRAISHI Masaki KAMIZONO Masanori HIROTOMO Masami MOHRI
Paper on system development
IEICE TRANSACTIONS on Information and Systems
Publication Date: 2017/10/01
Online ISSN: 1745-1361
Type of Manuscript: Special Section PAPER (Special Section on Advanced Log Processing and Office Information Systems)
drive-by download attack, web site analysis, multi-environment analysis, forensic, risk hedge,
Full Text: PDF(1.2MB)>>
In the case of drive-by download attacks, most malicious web sites identify the software environment of the clients and change their behavior. Then we cannot always obtain sufficient information appropriate to the client organization by automatic dynamic analysis in open services. It is required to prepare for expected incidents caused by re-accessing same malicious web sites from the other client in the organization. To authors' knowledge, there is no study of utilizing analysis results of malicious web sites for digital forensic on the incident and hedging the risk of expected incident in the organization. In this paper, we propose a system for evaluating the impact of accessing malicious web sites by using the results of multi-environment analysis. Furthermore, we report the results of evaluating malicious web sites by the multi-environment analysis system, and show how to utilize analysis results for forensic analysis and risk hedge based on actual cases of analyzing malicious web sites.