Evaluations and Analysis of Malware Prevention Methods on Websites
Abstract
With the diffusion of web services caused by the appearance of a new architecture known as cloud computing, a large number of websites have been used by attackers as hopping sites to attack other websites and user terminals because many vulnerable websites are constructed and managed by unskilled users. To construct hopping sites, many attackers force victims to download malware by using vulnerabilities in web applications. To protect websites from these malware infection attacks, conventional methods, such as using anti-virus software, filter files from attackers using pattern files generated by analyzing conventional malware files collected by security vendors. In addition, certain anti-virus software uses a behavior blocking approach, which monitors malicious file activities and modifications. These methods can detect malware files that are already known. However, it is difficult to detect malware that is different from known malware. It is also difficult to define malware since legitimate software files can become malicious depending on the situation. We previously proposed an access filtering method based on communication opponents, which are other servers or terminals that connect with our web honeypots, of attacks collected by web honeypots, which collect malware infection attacks to websites by using actual vulnerable web applications. In this blacklist-based method, URLs or IP addresses, which are used in malware infection attacks collected by web honeypots, are listed in a blacklist, and accesses to and from websites are filtered based on the blacklist. To reveal the effects in an actual attack situation on the Internet, we evaluated the detection ratio of anti-virus software, our method, and a composite of both methods. Our evaluation revealed that anti-virus software detected approximately 50% of malware files, our method detected approximately 98% of attacks, and the composite of the two methods could detect approximately 99% of attacks.
- Paper published by The Institute of Electronics, Information and Communication Engineers
Authors
- Ohsaki Hiroyuki, Graduate School Of Engineering Science Osaka University
- OHSAKI Hiroyuki, Graduate School of Information Science and Technology, Osaka University
- YAGI Takeshi, NTT Secure Platform Laboratories, NTT Corporation
- MURAYAMA Junichi, NTT Secure Platform Laboratories, NTT Corporation
- HARIU Takeo, NTT Secure Platform Laboratories, NTT Corporation
Related papers
- Estimation of Cell Membrane Permeability and Intracellular Diffusion Coefficient of Human Gray Matter
- Stability Analysis of XCP (eXplicit Control Protocol) with Heterogeneous Flows
- Delay Performance Analysis on Ad-Hoc Delay Tolerant Broadcast Network Applied to Vehicle-to-Vehicle Communication
- SB-6-5 An Application of System Identification to Modeling End-to-End Packet Delay Dynamics of the Internet
- Estimating Node Characteristics from Topological Structure of Social Networks
- PID Congestion Control in ATM with Propagation Delay
- Hybrid Path Allocation Scheme for Multilayer Networks
- Improving Robustness of XCP (eXplicit Control Protocol) for Dynamic Traffic
- GridFTP-APT : Automatic Parallelism Tuning Mechanism for GridFTP in Long-Fat Networks
- Analysis of Blacklist Update Frequency for Countering Malware Attacks on Websites
- Evaluations and Analysis of Malware Prevention Methods on Websites
- A Method for Accelerating Flow-level Network Simulation with Low-pass Filtering of Fluid Models