Study of Behavior-Based High Speed Visit/Inspection Technology to Detect Malicious Websites

While the Web provides much convenience and many people all over the world use it almost every day, it is often misused as a medium for distributing malware without users’ knowledge. Special care is particularly needed with regard to Websites that are popular with users, since their infection with malware can greatly extend the scope of any damage. Damage caused by malware can be minimized by detecting malicious sites and taking the necessary countermeasures early on. As attack techniques have been evolving, including the abuse of unknown vulnerabilities and the application of detection evasion technology, the advancement of detection technology is urgently required. Leading methods of inspecting the malware concealed in websites include low interaction Web crawling detection, which is fast but dependent upon the signature, and high interaction behavior-based detection, which offers a wide detection range and enables the detection of unknown attacks, although it is somewhat slow. This paper proposes a technology that can visit and quickly inspect large websites to more accurately detect unknown attacks and detection-evading attacks. J.-S. Kim (&) H.-K. Kang H.-C. Jeong Team of Security R&D Korea Internet and Security Agency (KISA) Seoul, Korea IT Venture Tower, Jungdaero 135, Songpa, Seoul 138-950, Korea e-mail: [email protected] H.-K. Kang e-mail: [email protected] H.-C. Jeong e-mail: [email protected] K. J. Kim and K.-Y. Chung (eds.), IT Convergence and Security 2012, Lecture Notes in Electrical Engineering 215, DOI: 10.1007/978-94-007-5860-5_2, Springer Science+Business Media Dordrecht 2013 13