본문 바로가기
  • Home

A Discovery System of Malicious Javascript URLs hidden in Web Source Code Files

  • Journal of The Korea Society of Computer and Information
  • Abbr : JKSCI
  • 2019, 24(5), pp.27-33
  • DOI : 10.9708/jksci.2019.24.05.027
  • Publisher : The Korean Society Of Computer And Information
  • Research Area : Engineering > Computer Science
  • Received : April 2, 2019
  • Accepted : May 8, 2019
  • Published : May 31, 2019

Hweerang Park 1 Sang-Il Cho 2 JungKyu Park 3 Youngho Cho 3

1공군작전사령부
2공군 사이버방호센터
3국방대학교

Accredited

ABSTRACT

One of serious security threats is a botnet-based attack. A botnet in general consists of numerous bots, which are computing devices with networking function, such as personal computers, smartphones, or tiny IoT sensor devices compromised by malicious codes or attackers. Such botnets can launch various serious cyber-attacks like DDoS attacks, propagating mal-wares, and spreading spam e-mails over the network. To establish a botnet, attackers usually inject malicious URLs into web source codes stealthily by using data hiding methods like Javascript obfuscation techniques to avoid being discovered by traditional security systems such as Firewall, IPS(Intrusion Prevention System) or IDS(Intrusion Detection System). Meanwhile, it is non-trivial work in practice for software developers to manually find such malicious URLs which are hidden in numerous web source codes stored in web servers. In this paper, we propose a security defense system to discover such suspicious, malicious URLs hidden in web source codes, and present experiment results that show its discovery performance. In particular, based on our experiment results, our proposed system discovered 100% of URLs hidden by Javascript encoding obfuscation within sample web source files.

Citation status

* References for papers published after 2022 are currently being built.