Open Access
LoGos: Internet‐Explorer‐Based Malicious Webpage Detection
Author(s) - Kim Sungjin, Kim Sungkyu, Kim Dohoon
Publication year - 2017
Publication title - ETRI Journal
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.295
H-Index - 46
eISSN - 2233-7326
pISSN - 1225-6463
DOI - 10.4218/etrij.17.0116.0810
Subject(s) - malware, logos bible software, computer science, the internet, web page, realm, world wide web, task (project management), computer security, engineering, operating system, systems engineering, political science, law
Malware propagated via the World Wide Web is one of the most dangerous tools in the realm of cyber‐attacks. Its methodologies are effective, relatively easy to use, and are developing constantly in an unexpected manner. As a result, rapidly detecting malware propagation websites from a myriad of webpages is a difficult task. In this paper, we present LoGos, an automated high‐interaction dynamic analyzer optimized for a browser‐based Windows virtual machine environment. LoGos utilizes Internet Explorer injection and API hooks, and scrutinizes malicious behaviors such as new network connections, unused open ports, registry modifications, and file creation. Based on the obtained results, LoGos can determine the maliciousness level. This model forms a very lightweight system. Thus, it is approximately 10 to 18 times faster than systems proposed in previous work. In addition, it provides high detection rates that are equal to those of state‐of‐the‐art tools. LoGos is a closed tool that can detect an extensive array of malicious webpages. We prove the efficiency and effectiveness of the tool by analyzing almost 0.36 M domains and 3.2 M webpages on a daily basis.
