Proposal of detection method based on HTTP headers against Drive By Download Attack

Bibliographic Information

Other Title
  • Drive By Download攻撃に対するHTTPヘッダ情報に基づく検知手法の提案

Search this article

Abstract

近年,WEB サイトを閲覧したユーザ PC にマルウェアを感染させることを目的とした Drive By Download 攻撃が様々な技術を複合的に用いることで高度化している.中でもスクリプトコードの難読化技術は,Drive By Download 攻撃の潜行化を実現しており,コードの特徴に基づいた検知は難しい可能性がある.そこで,難読化技術の影響を受けない HTTP ヘッダ情報に着目し調査を行い,Drive By Download 攻撃における検知の判断要素の一つとしての可能性を示し,検知手法の提案を行った.NTT セキュアプラットフォーム研究所より得た D3M の実験データを用い,実験を行った結果,検知率が 88% 以上であることを確認した.Recently, Drive By Download Attacks to infect the user program which is used for browsing the Website have been more sophisticated by introducing complex techniques. Among them, script code obfuscation enables the attack undetectable. Therefore, conventional detection methods based on the script code becomes useless. Thus we have focused on the HTTP header which is not affected by the script code obfuscation. We conducted a survey of the characteristics of the HTTP header of Drive By Download Attack. In addition, we made a proposal the detection method based o the characteristics. Moreover, experimentation of the detection method using D3M data obtained from NTT Secure Platform Laboratory made appear that the detection rate is more than 88%.

Journal

Details 詳細情報について

  • CRID
    1571980077826388480
  • NII Article ID
    110009551652
  • NII Book ID
    AA11235941
  • Text Lang
    ja
  • Data Source
    • CiNii Articles

Report a problem

Back to top