Journal of KIISE C: Computing Practices
Korean Title |
Implementation of a Malicious URL Detection and Filtering System |
English Title |
An Implementation of System for Detecting and Filtering Malicious URLs |
Author |
장혜영
김민재
김동진
이진영
김홍근
조성제
Hye-Young Chang
Min-Jae Kim
Dong-Jin Kim
Jin-Young Lee
Hong Kun Kim
Seong-Je Cho
|
Citation |
VOL 16 NO. 04 PP. 0405 ~ 0414 (2010. 04) |
Korean Abstract |
According to 2008 SecurityFocus data, client-side attacks through Microsoft's Internet Explorer increased by more than 50%. In this paper, we implemented a system that actively visits web pages in a virtual machine environment, analyzes and detects malicious URLs on a behavior basis (that is, based on state changes), and filters malicious URLs based on a blacklist. To this end, we first built a crawling system to efficiently collect the target URLs. The malicious URL detection system, which runs on a specific server, directly visits the collected web pages, observes and analyzes state changes of the machine, determines whether each page is malicious, and then creates and manages a blacklist of malicious URLs. The malicious URL filtering system, which runs on the web client machine, filters malicious URLs based on the blacklist. In addition, we improved performance by automatically handling message boxes during URL analysis. Experimental results showed that game sites had a malicious ratio about three times higher than other sites, and that attacks involving file creation and registry key modification were frequent. |
English Abstract |
According to SecurityFocus statistics from 2008, client-side attacks through Microsoft Internet Explorer have increased by more than 50%. In this paper, we have implemented a behavior-based malicious web page detection system and a blacklist-based malicious web page filtering system. To do this, we first efficiently collected the target URLs by constructing a crawling system. The malicious URL detection system, run on a specific server, actively visits and renders the collected web pages in a virtual machine environment. To detect whether each web page is malicious or not, the system state changes of the virtual machine are checked after rendering the page. If abnormal state changes are detected, we conclude that the rendered web page is malicious and insert it into the blacklist of malicious web pages. The malicious URL filtering system, run on the web client machine, filters malicious web pages based on the blacklist when a user visits web sites. We have enhanced system performance by automatically handling message boxes at the time of URL analysis on the detection system. Experimental results show that the game sites contain up to three times more malicious pages than the other sites, and that many attacks involve file creation and registry key modification. |
Keyword |
Client-side attack
Detecting Malicious URLs
Filtering Malicious URLs
Virtual Machine
Blacklist
Message Box
|