정보과학회 논문지 C : 컴퓨팅의 실제 (Journal of KIISE C: Computing Practices)


Korean Title: 고 상호작용 클라이언트 허니팟을 이용한 실행 기반의 악성 웹 페이지 탐지 시스템 및 성능 분석
English Title: Execution-based System and Its Performance Analysis for Detecting Malicious Web Pages using High Interaction Client Honeypot
Author: 김민재, 장혜영, 조성제 (Minjae Kim, Hyeyoung Chang, Seongje Cho)
Citation: VOL 15 NO. 12 PP. 1003 ~ 1007 (2009. 12)
Korean Abstract
Client-side attacks such as drive-by download target vulnerabilities in client applications that interact with a malicious server or process malicious data. A typical attack is a web-based attack involving a malicious web page that exploits a specific browser vulnerability; it executes malware on the client system or hands complete control of the client over to the malicious server. To defend against these attacks, this paper builds a high interaction client honeypot that uses Capture-HPC to detect malicious web pages by execution-based detection in a virtual machine.
Using this execution-based detection system, we detected and classified malicious web pages. We also analyzed system performance according to the number of virtual machine images and the number of browsers run simultaneously in one virtual machine. In the experiments, the system showed better performance, incurring less reverting overhead, when there was one virtual machine image and 50 browsers ran simultaneously.
English Abstract
Client-side attacks including drive-by download target vulnerabilities in client applications that interact with a malicious server or process malicious data. A typical client-side attack is a web-based one related to a malicious web page exploiting a specific browser vulnerability that can execute malware on the client system (PC) or give complete control of it to the malicious server. To defend against those attacks, this paper has constructed a high interaction client honeypot system using Capture-HPC that adopts execution-based detection in a virtual machine. We have detected and classified malicious web pages using the system. We have also analyzed the system's performance in terms of the number of virtual machine images and the number of browsers executed simultaneously in each virtual machine. Experimental results show that the system with one virtual machine image obtains better performance with less reverting overhead. The system also shows good performance when the number of browsers executed simultaneously in a virtual machine is 50.
Keyword: Drive-by download, High interaction client honeypot, Virtual machine, Execution-based detection, Performance analysis