Paper Abstract and Keywords |
Presentation |
2017-07-14 13:25
A Forensic Support System for Reproduction of Incidents Caused by Drive-by Download Yuki Okuda, Youji Fukuta (Kindai Univ.), Yoshiaki Shiraishi (Kobe Univ.), Nobukazu Iguchi (Kindai Univ.) ISEC2017-18 SITE2017-10 ICSS2017-17 EMM2017-21 |
Abstract |
(in Japanese) |
(See Japanese page) |
(in English) |
In this research, we have developed a system that supports the investigation of malware infections and activities in Drive-by Download attacks, which are one of the dominant means of delivering malware to terminals. This system reproduces the HTTP requests, responses and behavior of the malicious website related to the Drive-by Download attack from the raw packets of the communication at the time the incident occurred. Because a malicious website disappears within a short period, investigation becomes difficult when the malware installed on the terminal disappears after its activity or when an attacker erases or disturbs the evidence. By using this system at the initial stage and the investigation stage of incident handling, the process of malware infection caused by a Drive-by Download attack can be reproduced. When this system is used in an environment where the incident can be observed and recorded, it supports collecting the malware infection process and its activity. |
Keyword |
(in Japanese) |
(See Japanese page) |
(in English) |
Incident response / Drive-by download attack / Communication packets / Reproducing malicious website |
Reference Info. |
IEICE Tech. Rep., vol. 117, no. 127, ICSS2017-17, pp. 81-86, July 2017. |
Paper # |
ICSS2017-17 |
Date of Issue |
2017-07-07 (ISEC, SITE, ICSS, EMM) |
ISSN |
Print edition: ISSN 0913-5685 Online edition: ISSN 2432-6380 |
Copyright and reproduction |
All rights are reserved and no part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopy, recording, or any information storage and retrieval system, without permission in writing from the publisher. Notwithstanding, instructors are permitted to photocopy isolated articles for noncommercial classroom use without fee. (License No.: 10GA0019/12GB0052/13GB0056/17GB0034/18GB0034) |
Conference Information |
Committee |
SITE EMM ISEC ICSS IPSJ-CSEC IPSJ-SPT |
Conference Date |
2017-07-14 - 2017-07-15 |
Place (in Japanese) |
(See Japanese page) |
Topics (in Japanese) |
(See Japanese page) |
Paper Information |
Registration To |
ICSS |
Conference Code |
2017-07-SITE-EMM-ISEC-ICSS-CSEC-SPT |
Language |
Japanese |
Title (in Japanese) |
(See Japanese page) |
Sub Title (in Japanese) |
(See Japanese page) |
Title (in English) |
A Forensic Support System for Reproduction of Incidents Caused by Drive-by Download |
Keyword(1) |
Incident response |
Keyword(2) |
Drive-by download attack |
Keyword(3) |
Communication packets |
Keyword(4) |
Reproducing malicious website |
1st Author's Name |
Yuki Okuda |
1st Author's Affiliation |
Kindai University (Kindai Univ.) |
2nd Author's Name |
Youji Fukuta |
2nd Author's Affiliation |
Kindai University (Kindai Univ.) |
3rd Author's Name |
Yoshiaki Shiraishi |
3rd Author's Affiliation |
Kobe University (Kobe Univ.) |
4th Author's Name |
Nobukazu Iguchi |
4th Author's Affiliation |
Kindai University (Kindai Univ.) |
Speaker |
Author-1 |
Date Time |
2017-07-14 13:25:00 |
Presentation Time |
25 minutes |
Registration for |
ICSS |
Paper # |
ISEC2017-18, SITE2017-10, ICSS2017-17, EMM2017-21 |
Volume (vol) |
vol.117 |
Number (no) |
no.125(ISEC), no.126(SITE), no.127(ICSS), no.128(EMM) |
Page |
pp.81-86 |
#Pages |
6 |
Date of Issue |
2017-07-07 (ISEC, SITE, ICSS, EMM) |
|