Study on Network-Based Technology for Detecting Potentially Malicious Websites
Cyber attacks against specific enterprises or countries have been increasing recently. Such attacks against specific targets are called advanced persistent threats (APT), and they are giving rise to serious social problems. The malicious behaviors of APT attacks mostly use websites as their entry point and then penetrate enterprise networks to perform malevolent acts. Although many enterprises invest heavily in security to defend against such APT threats, they typically recognize an APT attack only after it is already in action. This paper discusses the characteristics of APT attacks at each step, as well as the strengths and weaknesses of existing malicious code detection technologies, to check their suitability for detecting APT attacks. It then proposes a network-based malicious behavior detection algorithm to protect enterprise or national networks.
Digital Object Identifier (DOI): doi.org/10.5281/zenodo.1089243