A Discovery System of Malicious Javascript URLs hidden in Web Source Code Files (웹 소스코드 파일에 숨겨진 악성 Javascript URL에 대한 점검 체계)

Hweerang Park (박휘랑); Sang-Il Cho (조상일); JungKyu Park (박정규); Youngho Cho (조영호)

doi:10.9708/jksci.2019.24.05.027

A Discovery System of Malicious Javascript URLs hidden in Web Source Code Files

Journal of The Korea Society of Computer and Information
Abbr : JKSCI
2019, 24(5), pp.27-33
DOI : 10.9708/jksci.2019.24.05.027
Publisher : The Korean Society Of Computer And Information
Research Area : Engineering > Computer Science
Received : April 2, 2019
Accepted : May 8, 2019
Published : May 31, 2019

Hweerang Park ¹, Sang-Il Cho ², JungKyu Park ³, Youngho Cho ³

¹공군작전사령부
²공군 사이버방호센터
³국방대학교

Accredited

ABSTRACT

One of serious security threats is a botnet-based attack. A botnet in general consists of numerous bots, which are computing devices with networking function, such as personal computers, smartphones, or tiny IoT sensor devices compromised by malicious codes or attackers. Such botnets can launch various serious cyber-attacks like DDoS attacks, propagating mal-wares, and spreading spam e-mails over the network. To establish a botnet, attackers usually inject malicious URLs into web source codes stealthily by using data hiding methods like Javascript obfuscation techniques to avoid being discovered by traditional security systems such as Firewall, IPS(Intrusion Prevention System) or IDS(Intrusion Detection System). Meanwhile, it is non-trivial work in practice for software developers to manually find such malicious URLs which are hidden in numerous web source codes stored in web servers. In this paper, we propose a security defense system to discover such suspicious, malicious URLs hidden in web source codes, and present experiment results that show its discovery performance. In particular, based on our experiment results, our proposed system discovered 100% of URLs hidden by Javascript encoding obfuscation within sample web source files.

KEYWORDS

Hidden URL Discovery, Web Defacement Attack, Javascript Obfuscation, Network Security

Citation status

* References for papers published after 2023 are currently being built.

[journal] G Davanzo / 2011 / Anomaly detection technique for a web defacement monitoring service / Expert Systems with Applications(ESWA) 38(10) : 12521~12530

[journal] S. Khattak / 2014 / A Taxonomy of Botnet Behavior, Detection, and Defense / IEEE Communications Survey & Tutorials 16(2) : 898~924

[report] Porras, Phillip / 2007 / A multi-perspective analysis of the storm (peacomm)worm / Computer Science Laboratory, SRI International

[confproc] D. Dagon / 2005 / Botnet Detection and Response – The network is the infection / Copperative Association for Internet Data Analysis DNS-OARC Workshop 25

[confproc] D. Dagon / 2007 / A taxonomy of botnet structures / Twenty-Third Annual Computer Security Applications Conferenece ACSAC 2007 36 : 325~339

[confproc] W Xu / 2012 / The Power of Obfuscation Techniques in Malicious Javascript Code: A Measurement Study / Proceedings of International Conference on Malicious and Unwanted Software : 9~16

[confproc] W Xu / 2013 / JStill : Mostly Static Detection of Obfuscated Malicious Javascript Code / Proceedings of the third ACM conference on Data and application security and privacy : 117~128

[confproc] Mavrommatis / 2008 / All your iframes point to us / Proceedings of USENIX Security Symposium : 1~16

[confproc] C Curtsinger / 2011 / Zozzle : Fast and Precise In-Browser Javascript Malware Detection / Proceedings of USENIX Security Symposium : 33~48

[web] / ChromeDriver / http://chromedriver.chromium.org/home

[journal] JW Ratcliff / 1998 / Pattern matching : The gestalt approach / Dr. Dobb’s Journal 13(7)

[web] / N-gram / https://pypi.org/project/ngram

[web] / Zohn-H / http://www.zone-h.org

[web] / Pyhton / https://www.python.org

[web] / Selenium Webdriver / https://www.seleniumhq.org/projects/webdriver

KJCKorea
Journal Central

Journal of The Korea Society of Computer and Information 2023 KCI Impact Factor : 0.65

A Discovery System of Malicious Javascript URLs hidden in Web Source Code Files

ABSTRACT

KEYWORDS

Citation status

* References for papers published after 2023 are currently being built.

Journal of The Korea Society of Computer and Information 2023 KCI Impact Factor : 0.65

A Discovery System of Malicious Javascript URLs hidden in Web Source Code Files

ABSTRACT

KEYWORDS

Statistics

Tools

Issue List

Citation status

KCI Citation Counts (0)

REFERENCES (15) * References for papers published after 2023 are currently being built.

Search PDF

Citation

* References for papers published after 2023 are currently being built.