• Title/Summary/Keyword: Webpage Link Analysis

Search Result 2, Processing Time 0.017 seconds

ELPA: Emulation-Based Linked Page Map Analysis for the Detection of Drive-by Download Attacks

  • Choi, Sang-Yong;Kim, Daehyeok;Kim, Yong-Min
    • Journal of Information Processing Systems
    • /
    • v.12 no.3
    • /
    • pp.422-435
    • /
    • 2016
  • Despite the convenience brought by the advances in web and Internet technology, users are increasingly being exposed to the danger of various types of cyber attacks. In particular, recent studies have shown that today's cyber attacks usually occur on the web via malware distribution and the stealing of personal information. A drive-by download is a kind of web-based attack for malware distribution. Researchers have proposed various methods for detecting a drive-by download attack effectively. However, existing methods have limitations against recent evasion techniques, including JavaScript obfuscation, hiding, and dynamic code evaluation. In this paper, we propose an emulation-based malicious webpage detection method. Based on our study on the limitations of the existing methods and the state-of-the-art evasion techniques, we will introduce four features that can detect malware distribution networks and we applied them to the proposed method. Our performance evaluation using a URL scan engine provided by VirusTotal shows that the proposed method detects malicious webpages more precisely than existing solutions.

A Method for Calculating Exposure Risks of Privacy Information based on Website Structures (웹사이트의 구조를 고려한 개인정보 노출 위험도 계산 기법)

  • Lee, Sue Kyoung;Son, Jin Sik;Kim, Kwanho
    • The Journal of Society for e-Business Studies
    • /
    • v.21 no.1
    • /
    • pp.1-14
    • /
    • 2016
  • This research proposes a method that aims to evaluate the risk levels of websites based on exposure risks of privacy information. The proposed method considers two aspects as follows. First, we define the risk levels of each privacy information according to its own inherent risk. Second, we calculate the visiting probability of a webpage to measure the expected of the actual exposure of privacy information on that webpage. In this research, we implemented an system to prove that automatically collects websites and calculates their risk levels. For the experiments, we used a real world dataset consisting of a total of websites for 4 categories such as university, bank, central government agency, and education. The experiment results show that the websites in the bank category are relatively well managed, while the others are needed to cope with the exposure of privacy information. Finally, the proposed method in this research is expected to be further utilized in establishing a priority-based approach to alleviate of the privacy information exposure problems.