Fig. 1. Executing drive-by download attacks by using a malicious URL hidden in web source code
Fig. 2. An example of a hidden malicious URL generated by JavaScript encoding obfuscation
Fig. 3. Timeline showing when hidden malicious URLs can be injected into software (source code) during its SDLC (Software Development Life Cycle)
Fig. 4. The design architecture of our proposed system
Fig. 5. Main Page View of Our Proposed System
Fig. 6. An example of discovery result (Sample 2)
Fig. 7. Discovery Execution Time (Sample 1 ~ 6)
Fig. 8. Discovery Execution Time (# of files : 10 ~ 100)
Table 1. Test Result of Hidden, Malicious URL Discovery