Authors: Ryuya Uda

Abstract:

Nowadays, computer worms, viruses and Trojan horse become popular, and they are collectively called malware. Those malware just spoiled computers by deleting or rewriting important files a decade ago. However, recent malware seems to be born to earn money. Some of malware work for collecting personal information so that malicious people can find secret information such as password for online banking, evidence for a scandal or contact address which relates with the target. Moreover, relation between money and malware becomes more complex. Many kinds of malware bear bots to get springboards. Meanwhile, for ordinary internet users, countermeasures against malware come up against a blank wall. Pattern matching becomes too much waste of computer resources, since matching tools have to deal with a lot of patterns derived from subspecies. Virus making tools can automatically bear subspecies of malware. Moreover, metamorphic and polymorphic malware are no longer special. Recently there appears malware checking sites that check contents in place of users' PC. However, there appears a new type of malicious sites that avoids check by malware checking sites. In this paper, existing protocols and methods related with the web are reconsidered in terms of protection from current attacks, and new protocol and method are indicated for the purpose of security of the web.

Keywords: Information Security, Malware, Network Security, World Wide Web

Digital Object Identifier (DOI): doi.org/10.5281/zenodo.1077709

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 2051

References:

[1] LinkScannerOnline, http://linkscanner.explabs.com/linkscanner/default.aspx
[2] Dr. Web Online, http://online.us.drweb.com/?url=1
[3] Unmask Parasites (beta), http://www.unmaskparasites.com/
[4] vURL Online, http://vurldissect.co.uk/
[5] aguse, http://www.aguse.jp/ (Japanese)
[6] gred, http://www.gred.jp/ (Japanese)
[7] K. Yoshioka, Y. Hosobuchi, T. Orii, T. Matsumoto, "Vulnerability in Public Malware Sandbox Analysis Systems", in Proc. 2010 10th IEEE/IPSJ International Symposium on Applications and the Internet, 2010, pp.265-268.
[8] T. Kasama, T. Orii, K. Yoshioka, T. Matsumoto, "Vulnerability of Malware Sandbox Analysis as an Online Service (Part 2)", IPSJ Anti Malware Engineering Workshop 2010, 2E1-1 (Japanese).
[9] U. Bayer, C. Kruegel, E. Kirda, "TTAnalyze: A Tool for Analyzing Malware", in Proc. 15th Annual Conference of the European Institute for Computer Antivirus Research (EICAR), 2006.
[10] D. Inoue, K. Yoshioka, M. Eto, Y. Hoshizawa, K. Nalao, "Automated Malware Analysis System and its Sandbox for Revealing Malware's Internal and External Activities", IEICE Trans. Vol.E92D, No.5, pp.945-954, 2009.
[11] S. Miwa, T. Miyachi, M. Eto, M. Yoshizumi, Y. Shinoda, "Design and Implementation of an Isolated Sandbox with Mimetic Internet Used to Analyze Malwares", in Proc. DETER Community Workshop on Cyber Security Experimentation and Test 2007, pp.6, 2007.
[12] C. Willems, T. Holz, F. Freiling, "Toward Automated Dynamic Malware Analysis Using CWSandbox", Security & Privacy Magazine, IEEE, Vol.5, Issue 2, pp.32-39, 2007.
[13] K. Yoshioka, T. Matsumoto, "Multi-pass Malware Sandbox Analysis with Controlled Internet Connection", IEICE Trans. E93A No.1, pp.210-218, 2010.
[14] NormanSandbox, http://www.norman.com/technology/norman_sandbox/
[15] Anubis, http://analysis.seclab.tuwien.ac.at/
[16] ITU-T Recommendation X.200, 1994.