ドライブ・バイ・ダウンロード攻撃によるインシデントを再現するフォレンジック支援システム

Presentation	2017-07-14 A Forensic Support System for Reproduction of Incidents Caused by Drive-by Download Yuki Okuda, Youji Fukuta, Yoshiaki Shiraishi, Nobukazu Iguchi,
PDF Download Page	PDF download Page Link
Abstract(in Japanese)	(See Japanese page)
Abstract(in English)	In this research, we have developed a system that supports investigation of malware infections and activities in Drive-by Download attack which is one of the dominant tool of sending malware to terminals. This system reproduces HTTP requests, responses and behavior of malicious website related to the Drive-by Download attack from the raw packets of the communication at the time of the incident occurs. As a malicious website is disappeared in a short period, when malware installed in the terminal disappears after the activity or an attacker erases/disturbs the evidence, it becomes difficult to investigation. By using this system at the initial stage and investigation of incident handling, the process of malware infection caused by Drive-by Download attack can be reproduced. Using of this system in an environment where the incident can observe and record, it supports to collect the malware infection process and its activity.
Keyword(in Japanese)	(See Japanese page)
Keyword(in English)	Incident response / Drive-by download attack / Communication packets / Reproducing malicious website
Paper #	ISEC2017-18,SITE2017-10,ICSS2017-17,EMM2017-21
Date of Issue	2017-07-07 (ISEC, SITE, ICSS, EMM)

Conference Information
Committee	SITE / EMM / ISEC / ICSS / IPSJ-CSEC / IPSJ-SPT
Conference Date	2017/7/14(2days)
Place (in Japanese)	(See Japanese page)
Place (in English)
Topics (in Japanese)	(See Japanese page)
Topics (in English)
Chair	Hitoshi Okada(NII) / Keiichi Iwamura(TUC) / Kazuto Ogawa(NHK) / Yoshiaki Shiraishi(Kobe Univ.)
Vice Chair	Tetsuya Morizumi(Kanagawa Univ.) / Masaru Ogawa(Kobe Gakuin Univ.) / Hirohisa Hioki(Kyoto Univ.) / Minoru Kuribayashi(Okayama Univ.) / Atsushi Fujioka(Kanagawa Univ.) / Shiho Moriai(NICT) / Takeshi Ueda(Mitsubishi Electric) / Hiroki Takakura(NII)
Secretary	Tetsuya Morizumi(Gifu Shotoku Gakuen Univ.) / Masaru Ogawa(Tokyo Univ. of the Arts) / Hirohisa Hioki(Shizuoka Univ.) / Minoru Kuribayashi(Tokyo Metropolitan Univ.) / Atsushi Fujioka(Tohoku Univ.) / Shiho Moriai(Tokai Univ.) / Takeshi Ueda(Yokohama National Univ.) / Hiroki Takakura(NTT)
Assistant	Akiyoshi Kabeya(Chiba Univ.) / Hisanori Kato(KDDI) / Kan Hyonho(NIT, Tokyo) / Harumi Murata(Tyukyo Univ.) / Keita Emura(NICT) / Yuichi Komano(TOSHIBA) / Yuuji Suga(IIJ) / Takahiro Kasama(NICT) / Akira Yamada(KDDI labs.)

Paper Information
Registration To	Technical Committee on Social Implications of Technology and Information Ethics / Technical Committee on Enriched MultiMedia / Technical Committee on Information Security / Technical Committee on Information and Communication System Security / Special Interest Group on Computer Security / Special Interest Group on Security Psychology and Trust
Language	JPN
Title (in Japanese)	(See Japanese page)
Sub Title (in Japanese)	(See Japanese page)
Title (in English)	A Forensic Support System for Reproduction of Incidents Caused by Drive-by Download
Sub Title (in English)
Keyword(1)	Incident response
Keyword(2)	Drive-by download attack
Keyword(3)	Communication packets
Keyword(4)	Reproducing malicious website
1st Author's Name	Yuki Okuda
1st Author's Affiliation	Kindai University(Kindai Univ.)
2nd Author's Name	Youji Fukuta
2nd Author's Affiliation	Kindai University(Kindai Univ.)
3rd Author's Name	Yoshiaki Shiraishi
3rd Author's Affiliation	Kobe University(Kobe Univ.)
4th Author's Name	Nobukazu Iguchi
4th Author's Affiliation	Kindai University(Kindai Univ.)
Date	2017-07-14
Paper #	ISEC2017-18,SITE2017-10,ICSS2017-17,EMM2017-21
Volume (vol)	vol.117
Number (no)	ISEC-125,SITE-126,ICSS-127,EMM-128
Page	pp.pp.81-86(ISEC), pp.81-86(SITE), pp.81-86(ICSS), pp.81-86(EMM),
#Pages	6
Date of Issue	2017-07-07 (ISEC, SITE, ICSS, EMM)