Multi-Environment Analysis System for Evaluating the Impact of Malicious Web Sites Changing Their Behavior

Yoshiaki SHIRAISHI, Masaki KAMIZONO, Masanori HIROTOMO, Masami MOHRI
2017 IEICE transactions on information and systems  
In the case of drive-by download attacks, most malicious web sites identify the software environment of the clients and change their behavior. Then we cannot always obtain sufficient information appropriate to the client organization by automatic dynamic analysis in open services. It is required to prepare for expected incidents caused by re-accessing same malicious web sites from the other client in the organization. To authors' knowledge, there is no study of utilizing analysis results of
more » ... cious web sites for digital forensic on the incident and hedging the risk of expected incident in the organization. In this paper, we propose a system for evaluating the impact of accessing malicious web sites by using the results of multi-environment analysis. Furthermore, we report the results of evaluating malicious web sites by the multi-environment analysis system, and show how to utilize analysis results for forensic analysis and risk hedge based on actual cases of analyzing malicious web sites. key words: drive-by download attack, web site analysis, multi-environment analysis, forensic, risk hedge Manuscript
doi:10.1587/transinf.2016ofk0001 fatcat:bnyzovugfzeqbhyqvud4klv6ku