Multi-Environment Analysis System for Evaluating the Impact of Malicious Web Sites Changing Their Behavior

Yoshiaki SHIRAISHI  Masaki KAMIZONO  Masanori HIROTOMO  Masami MOHRI  
Paper on system development

Publication
IEICE TRANSACTIONS on Information and Systems   Vol.E100-D   No.10   pp.2449-2457
Publication Date: 2017/10/01
Online ISSN: 1745-1361
Type of Manuscript: Special Section PAPER (Special Section on Advanced Log Processing and Office Information Systems)
Category: 
Keyword: 
drive-by download attack,  web site analysis,  multi-environment analysis,  forensic,  risk hedge,  

Full Text: PDF(1.2MB)
>>Buy this Article


Summary: 
In the case of drive-by download attacks, most malicious web sites identify the software environment of the clients and change their behavior. Then we cannot always obtain sufficient information appropriate to the client organization by automatic dynamic analysis in open services. It is required to prepare for expected incidents caused by re-accessing same malicious web sites from the other client in the organization. To authors' knowledge, there is no study of utilizing analysis results of malicious web sites for digital forensic on the incident and hedging the risk of expected incident in the organization. In this paper, we propose a system for evaluating the impact of accessing malicious web sites by using the results of multi-environment analysis. Furthermore, we report the results of evaluating malicious web sites by the multi-environment analysis system, and show how to utilize analysis results for forensic analysis and risk hedge based on actual cases of analyzing malicious web sites.