Presentation | 2017-07-14 A Forensic Support System for Reproduction of Incidents Caused by Drive-by Download Yuki Okuda, Youji Fukuta, Yoshiaki Shiraishi, Nobukazu Iguchi |
---|---|
PDF Download Page | PDF download Page Link |
Abstract(in Japanese) | (See Japanese page) |
Abstract(in English) | In this research, we have developed a system that supports the investigation of malware infection and malware activity in Drive-by Download attacks, one of the dominant methods of delivering malware to terminals. The system reproduces the HTTP requests, the HTTP responses and the behavior of the malicious website involved in the Drive-by Download attack from the raw packets of the communication captured at the time the incident occurred. Because a malicious website disappears within a short period, and because the malware installed on the terminal disappears after its activity or an attacker erases or disturbs the evidence, investigation becomes difficult. By using this system in the initial stage of incident handling and during the investigation, the process of malware infection caused by a Drive-by Download attack can be reproduced. Used in an environment where the incident can be observed and recorded, the system supports collection of the malware infection process and its activity. |
Keyword(in Japanese) | (See Japanese page) |
Keyword(in English) | Incident response / Drive-by download attack / Communication packets / Reproducing malicious website |
Paper # | ISEC2017-18,SITE2017-10,ICSS2017-17,EMM2017-21 |
Date of Issue | 2017-07-07 (ISEC, SITE, ICSS, EMM) |
Conference Information | |
Committee | SITE / EMM / ISEC / ICSS / IPSJ-CSEC / IPSJ-SPT |
---|---|
Conference Date | 2017/7/14(2days) |
Place (in Japanese) | (See Japanese page) |
Place (in English) | |
Topics (in Japanese) | (See Japanese page) |
Topics (in English) | |
Chair | Hitoshi Okada(NII) / Keiichi Iwamura(TUC) / Kazuto Ogawa(NHK) / Yoshiaki Shiraishi(Kobe Univ.) |
Vice Chair | Tetsuya Morizumi(Kanagawa Univ.) / Masaru Ogawa(Kobe Gakuin Univ.) / Hirohisa Hioki(Kyoto Univ.) / Minoru Kuribayashi(Okayama Univ.) / Atsushi Fujioka(Kanagawa Univ.) / Shiho Moriai(NICT) / Takeshi Ueda(Mitsubishi Electric) / Hiroki Takakura(NII) |
Secretary | Tetsuya Morizumi(Gifu Shotoku Gakuen Univ.) / Masaru Ogawa(Tokyo Univ. of the Arts) / Hirohisa Hioki(Shizuoka Univ.) / Minoru Kuribayashi(Tokyo Metropolitan Univ.) / Atsushi Fujioka(Tohoku Univ.) / Shiho Moriai(Tokai Univ.) / Takeshi Ueda(Yokohama National Univ.) / Hiroki Takakura(NTT) |
Assistant | Akiyoshi Kabeya(Chiba Univ.) / Hisanori Kato(KDDI) / Kan Hyonho(NIT, Tokyo) / Harumi Murata(Tyukyo Univ.) / Keita Emura(NICT) / Yuichi Komano(TOSHIBA) / Yuuji Suga(IIJ) / Takahiro Kasama(NICT) / Akira Yamada(KDDI labs.) |
Paper Information | |
Registration To | Technical Committee on Social Implications of Technology and Information Ethics / Technical Committee on Enriched MultiMedia / Technical Committee on Information Security / Technical Committee on Information and Communication System Security / Special Interest Group on Computer Security / Special Interest Group on Security Psychology and Trust |
---|---|
Language | JPN |
Title (in Japanese) | (See Japanese page) |
Sub Title (in Japanese) | (See Japanese page) |
Title (in English) | A Forensic Support System for Reproduction of Incidents Caused by Drive-by Download |
Sub Title (in English) | |
Keyword(1) | Incident response |
Keyword(2) | Drive-by download attack |
Keyword(3) | Communication packets |
Keyword(4) | Reproducing malicious website |
1st Author's Name | Yuki Okuda |
1st Author's Affiliation | Kindai University(Kindai Univ.) |
2nd Author's Name | Youji Fukuta |
2nd Author's Affiliation | Kindai University(Kindai Univ.) |
3rd Author's Name | Yoshiaki Shiraishi |
3rd Author's Affiliation | Kobe University(Kobe Univ.) |
4th Author's Name | Nobukazu Iguchi |
4th Author's Affiliation | Kindai University(Kindai Univ.) |
Date | 2017-07-14 |
Paper # | ISEC2017-18,SITE2017-10,ICSS2017-17,EMM2017-21 |
Volume (vol) | vol.117 |
Number (no) | ISEC-125,SITE-126,ICSS-127,EMM-128 |
Page | pp.81-86(ISEC), pp.81-86(SITE), pp.81-86(ICSS), pp.81-86(EMM) |
#Pages | 6 |
Date of Issue | 2017-07-07 (ISEC, SITE, ICSS, EMM) |