Protocol and Method for Preventing Attacks from the Web

Computer worms, viruses and Trojan horses have become widespread; collectively they are called malware. A decade ago, malware simply damaged computers by deleting or rewriting important files. Recent malware, however, appears to be built to make money. Some malware collects personal information so that malicious people can find secrets such as online banking passwords, evidence of a scandal, or contact addresses related to the target. Moreover, the relationship between money and malware has become more complex. Many kinds of malware carry bots in order to obtain springboards. Meanwhile, for ordinary internet users, countermeasures against malware have hit a wall. Pattern matching wastes too many computer resources, since matching tools have to handle a large number of patterns derived from variants. Virus-making tools can generate variants of malware automatically. Moreover, metamorphic and polymorphic malware are no longer unusual. Recently, malware checking sites have appeared that check content in place of the user's PC. However, a new type of malicious site has also appeared that evades checks by malware checking sites. In this paper, existing web-related protocols and methods are reconsidered in terms of protection from current attacks, and a new protocol and method are proposed for the security of the web.
