2026-04-20T21:19:01Z
https://ipsj.ixsq.nii.ac.jp/oai
oai:ipsj.ixsq.nii.ac.jp:00217934
2025-01-19T15:19:53Z
581:10784:10790
Exploring Event-synced Navigation Attacks across User-generated Content Platforms in the Wild
Exploring Event-synced Navigation Attacks across User-generated Content Platforms in the Wild
Hiroki, Nakano
Daiki, Chiba
Takashi, Koide
Mitsuaki, Akiyama
Katsunari, Yoshioka
Tsutomu, Matsumoto
Hiroki, Nakano
Daiki, Chiba
Takashi, Koide
Mitsuaki, Akiyama
Katsunari, Yoshioka
Tsutomu, Matsumoto
[特集:情報システム論文] User-generated content, social engineering attacks, event-synced navigation attacks, phishing
The growth of user-generated content service platforms has led to people relying on user-generated content (UGC) rather than search engines when searching for and accessing information on the web. Attackers can also use UGC on a UGC service platform to disseminate web-based social engineering (SE) attacks to a large number of people. In this paper, we focus on an event-synced navigation attack, a type of web-based SE attack that generates UGC with links to malicious websites and distributes it synced with a real-life event at a specific time. To understand the attacks in the wild, we propose a three-step system to detect event-synced navigation attacks in real time by capturing the inevitable footprints left by attackers. We evaluate each step of the proposed system and determine that the proposed system can classify malicious and non-malicious UGC with 97% accuracy. In addition, we performed a comprehensive measurement study on event-synced navigation attacks spread from popular UGC platforms. We found that 34.1% of the fully qualified domain names of malicious websites associated with the event-synced navigation attack were spread from two or more UGC platforms. Finally, we also found that 87.8% of FQDN associated with well-known type of malicious websites (i.e., information theft, survey scams, suspicious browser plugin installations, etc.) survive for more than 100 days and that countermeasures taken by the UGC platform only covered 31.0% of the malicious UGC we detected in this study even though the malicious websites were accessed frequently.
------------------------------
This is a preprint of an article intended for publication Journal of
Information Processing(JIP). This preprint should not be cited. This
article should be cited as: Journal of Information Processing Vol.30(2022) (online)
DOI http://dx.doi.org/10.2197/ipsjjip.30.372
------------------------------
The growth of user-generated content service platforms has led to people relying on user-generated content (UGC) rather than search engines when searching for and accessing information on the web. Attackers can also use UGC on a UGC service platform to disseminate web-based social engineering (SE) attacks to a large number of people. In this paper, we focus on an event-synced navigation attack, a type of web-based SE attack that generates UGC with links to malicious websites and distributes it synced with a real-life event at a specific time. To understand the attacks in the wild, we propose a three-step system to detect event-synced navigation attacks in real time by capturing the inevitable footprints left by attackers. We evaluate each step of the proposed system and determine that the proposed system can classify malicious and non-malicious UGC with 97% accuracy. In addition, we performed a comprehensive measurement study on event-synced navigation attacks spread from popular UGC platforms. We found that 34.1% of the fully qualified domain names of malicious websites associated with the event-synced navigation attack were spread from two or more UGC platforms. Finally, we also found that 87.8% of FQDN associated with well-known type of malicious websites (i.e., information theft, survey scams, suspicious browser plugin installations, etc.) survive for more than 100 days and that countermeasures taken by the UGC platform only covered 31.0% of the malicious UGC we detected in this study even though the malicious websites were accessed frequently.
------------------------------
This is a preprint of an article intended for publication Journal of
Information Processing(JIP). This preprint should not be cited. This
article should be cited as: Journal of Information Processing Vol.30(2022) (online)
DOI http://dx.doi.org/10.2197/ipsjjip.30.372
------------------------------
journal article
2022-05-15
application/pdf
情報処理学会論文誌
5
63
1882-7764
AN00116647
https://ipsj.ixsq.nii.ac.jp/record/217934/files/IPSJ-JNL6305008.pdf
eng