WEKO3
アイテム
Exploring Event-synced Navigation Attacks across User-generated Content Platforms in the Wild
https://ipsj.ixsq.nii.ac.jp/records/217934
https://ipsj.ixsq.nii.ac.jp/records/2179346d172805-9b41-4c37-a766-0eb94460c432
| 名前 / ファイル | ライセンス | アクション |
|---|---|---|
IPSJ-JNL6305008.pdf (2.5 MB)
|
Copyright (c) 2022 by the Information Processing Society of Japan
|
|
| オープンアクセス | ||
| Item type | Journal(1) | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 公開日 | 2022-05-15 | |||||||||||||||||
| タイトル | ||||||||||||||||||
| タイトル | Exploring Event-synced Navigation Attacks across User-generated Content Platforms in the Wild | |||||||||||||||||
| タイトル | ||||||||||||||||||
| 言語 | en | |||||||||||||||||
| タイトル | Exploring Event-synced Navigation Attacks across User-generated Content Platforms in the Wild | |||||||||||||||||
| 言語 | ||||||||||||||||||
| 言語 | eng | |||||||||||||||||
| キーワード | ||||||||||||||||||
| 主題Scheme | Other | |||||||||||||||||
| 主題 | [特集:情報システム論文] User-generated content, social engineering attacks, event-synced navigation attacks, phishing | |||||||||||||||||
| 資源タイプ | ||||||||||||||||||
| 資源タイプ識別子 | http://purl.org/coar/resource_type/c_6501 | |||||||||||||||||
| 資源タイプ | journal article | |||||||||||||||||
| 著者所属 | ||||||||||||||||||
| NTT/Yokohama National University/Presently with NTT Security (Japan) KK | ||||||||||||||||||
| 著者所属 | ||||||||||||||||||
| NTT/Presently with NTT Security (Japan) KK | ||||||||||||||||||
| 著者所属 | ||||||||||||||||||
| NTT/Presently with NTT Security (Japan) KK | ||||||||||||||||||
| 著者所属 | ||||||||||||||||||
| NTT | ||||||||||||||||||
| 著者所属 | ||||||||||||||||||
| Yokohama National University | ||||||||||||||||||
| 著者所属 | ||||||||||||||||||
| Yokohama National University | ||||||||||||||||||
| 著者所属(英) | ||||||||||||||||||
| en | ||||||||||||||||||
| NTT / Yokohama National University / Presently with NTT Security (Japan) KK | ||||||||||||||||||
| 著者所属(英) | ||||||||||||||||||
| en | ||||||||||||||||||
| NTT / Presently with NTT Security (Japan) KK | ||||||||||||||||||
| 著者所属(英) | ||||||||||||||||||
| en | ||||||||||||||||||
| NTT / Presently with NTT Security (Japan) KK | ||||||||||||||||||
| 著者所属(英) | ||||||||||||||||||
| en | ||||||||||||||||||
| NTT | ||||||||||||||||||
| 著者所属(英) | ||||||||||||||||||
| en | ||||||||||||||||||
| Yokohama National University | ||||||||||||||||||
| 著者所属(英) | ||||||||||||||||||
| en | ||||||||||||||||||
| Yokohama National University | ||||||||||||||||||
| 著者名 |
Hiroki, Nakano
× Hiroki, Nakano
× Daiki, Chiba
× Takashi, Koide
× Mitsuaki, Akiyama
× Katsunari, Yoshioka
× Tsutomu, Matsumoto
|
|||||||||||||||||
| 著者名(英) |
Hiroki, Nakano
× Hiroki, Nakano
× Daiki, Chiba
× Takashi, Koide
× Mitsuaki, Akiyama
× Katsunari, Yoshioka
× Tsutomu, Matsumoto
|
|||||||||||||||||
| 論文抄録 | ||||||||||||||||||
| 内容記述タイプ | Other | |||||||||||||||||
| 内容記述 | The growth of user-generated content service platforms has led to people relying on user-generated content (UGC) rather than search engines when searching for and accessing information on the web. Attackers can also use UGC on a UGC service platform to disseminate web-based social engineering (SE) attacks to a large number of people. In this paper, we focus on an event-synced navigation attack, a type of web-based SE attack that generates UGC with links to malicious websites and distributes it synced with a real-life event at a specific time. To understand the attacks in the wild, we propose a three-step system to detect event-synced navigation attacks in real time by capturing the inevitable footprints left by attackers. We evaluate each step of the proposed system and determine that the proposed system can classify malicious and non-malicious UGC with 97% accuracy. In addition, we performed a comprehensive measurement study on event-synced navigation attacks spread from popular UGC platforms. We found that 34.1% of the fully qualified domain names of malicious websites associated with the event-synced navigation attack were spread from two or more UGC platforms. Finally, we also found that 87.8% of FQDN associated with well-known type of malicious websites (i.e., information theft, survey scams, suspicious browser plugin installations, etc.) survive for more than 100 days and that countermeasures taken by the UGC platform only covered 31.0% of the malicious UGC we detected in this study even though the malicious websites were accessed frequently. ------------------------------ This is a preprint of an article intended for publication Journal of Information Processing(JIP). This preprint should not be cited. This article should be cited as: Journal of Information Processing Vol.30(2022) (online) DOI http://dx.doi.org/10.2197/ipsjjip.30.372 ------------------------------ |
|||||||||||||||||
| 論文抄録(英) | ||||||||||||||||||
| 内容記述タイプ | Other | |||||||||||||||||
| 内容記述 | The growth of user-generated content service platforms has led to people relying on user-generated content (UGC) rather than search engines when searching for and accessing information on the web. Attackers can also use UGC on a UGC service platform to disseminate web-based social engineering (SE) attacks to a large number of people. In this paper, we focus on an event-synced navigation attack, a type of web-based SE attack that generates UGC with links to malicious websites and distributes it synced with a real-life event at a specific time. To understand the attacks in the wild, we propose a three-step system to detect event-synced navigation attacks in real time by capturing the inevitable footprints left by attackers. We evaluate each step of the proposed system and determine that the proposed system can classify malicious and non-malicious UGC with 97% accuracy. In addition, we performed a comprehensive measurement study on event-synced navigation attacks spread from popular UGC platforms. We found that 34.1% of the fully qualified domain names of malicious websites associated with the event-synced navigation attack were spread from two or more UGC platforms. Finally, we also found that 87.8% of FQDN associated with well-known type of malicious websites (i.e., information theft, survey scams, suspicious browser plugin installations, etc.) survive for more than 100 days and that countermeasures taken by the UGC platform only covered 31.0% of the malicious UGC we detected in this study even though the malicious websites were accessed frequently. ------------------------------ This is a preprint of an article intended for publication Journal of Information Processing(JIP). This preprint should not be cited. This article should be cited as: Journal of Information Processing Vol.30(2022) (online) DOI http://dx.doi.org/10.2197/ipsjjip.30.372 ------------------------------ |
|||||||||||||||||
| 書誌レコードID | ||||||||||||||||||
| 収録物識別子タイプ | NCID | |||||||||||||||||
| 収録物識別子 | AN00116647 | |||||||||||||||||
| 書誌情報 |
情報処理学会論文誌 巻 63, 号 5, 発行日 2022-05-15 |
|||||||||||||||||
| ISSN | ||||||||||||||||||
| 収録物識別子タイプ | ISSN | |||||||||||||||||
| 収録物識別子 | 1882-7764 | |||||||||||||||||
