{"id":217934,"metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00217934","sets":["581:10784:10790"]},"path":["10790"],"owner":"44499","recid":"217934","title":["Exploring Event-synced Navigation Attacks across User-generated Content Platforms in the Wild "],"pubdate":{"attribute_name":"公開日","attribute_value":"2022-05-15"},"_buckets":{"deposit":"6bc2c767-605a-43c0-aaaa-3ba35ad432eb"},"_deposit":{"id":"217934","pid":{"type":"depid","value":"217934","revision_id":0},"owners":[44499],"status":"published","created_by":44499},"item_title":"Exploring Event-synced Navigation Attacks across User-generated Content Platforms in the Wild ","author_link":["565566","565573","565567","565574","565575","565564","565572","565568","565570","565565","565571","565569"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"Exploring Event-synced Navigation Attacks across User-generated Content Platforms in the Wild "},{"subitem_title":"Exploring Event-synced Navigation Attacks across User-generated Content Platforms in the Wild ","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"[特集:情報システム論文] User-generated content, social engineering attacks, event-synced navigation attacks, phishing","subitem_subject_scheme":"Other"}]},"item_type_id":"2","publish_date":"2022-05-15","item_2_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"NTT／Yokohama National University／Presently with NTT Security (Japan) KK"},{"subitem_text_value":"NTT／Presently with NTT Security (Japan) KK"},{"subitem_text_value":"NTT／Presently with NTT Security (Japan) KK"},{"subitem_text_value":"NTT"},{"subitem_text_value":"Yokohama National University"},{"subitem_text_value":"Yokohama National University"}]},"item_2_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"NTT / Yokohama National University / Presently with NTT Security (Japan) KK","subitem_text_language":"en"},{"subitem_text_value":"NTT / Presently with NTT Security (Japan) KK","subitem_text_language":"en"},{"subitem_text_value":"NTT / Presently with NTT Security (Japan) KK","subitem_text_language":"en"},{"subitem_text_value":"NTT","subitem_text_language":"en"},{"subitem_text_value":"Yokohama National University","subitem_text_language":"en"},{"subitem_text_value":"Yokohama National University","subitem_text_language":"en"}]},"item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"eng"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/217934/files/IPSJ-JNL6305008.pdf","label":"IPSJ-JNL6305008.pdf"},"date":[{"dateType":"Available","dateValue":"2024-05-15"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-JNL6305008.pdf","filesize":[{"value":"2.5 MB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"0","billingrole":"5"},{"tax":["include_tax"],"price":"0","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"8"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"795b3deb-f68b-4ffe-96db-08d34b38f1b5","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2022 by the Information Processing Society of Japan"}]},"item_2_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Hiroki, Nakano"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Daiki, Chiba"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Takashi, Koide"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Mitsuaki, Akiyama"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Katsunari, Yoshioka"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Tsutomu, Matsumoto"}],"nameIdentifiers":[{}]}]},"item_2_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Hiroki, Nakano","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Daiki, Chiba","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Takashi, Koide","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Mitsuaki, Akiyama","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Katsunari, Yoshioka","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Tsutomu, Matsumoto","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_2_source_id_9":{"attribute_name":"書誌レコードID","attribute_value_mlt":[{"subitem_source_identifier":"AN00116647","subitem_source_identifier_type":"NCID"}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_6501","resourcetype":"journal article"}]},"item_2_source_id_11":{"attribute_name":"ISSN","attribute_value_mlt":[{"subitem_source_identifier":"1882-7764","subitem_source_identifier_type":"ISSN"}]},"item_2_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"The growth of user-generated content service platforms has led to people relying on user-generated content (UGC) rather than search engines when searching for and accessing information on the web. Attackers can also use UGC on a UGC service platform to disseminate web-based social engineering (SE) attacks to a large number of people. In this paper, we focus on an event-synced navigation attack, a type of web-based SE attack that generates UGC with links to malicious websites and distributes it synced with a real-life event at a specific time. To understand the attacks in the wild, we propose a three-step system to detect event-synced navigation attacks in real time by capturing the inevitable footprints left by attackers. We evaluate each step of the proposed system and determine that the proposed system can classify malicious and non-malicious UGC with 97% accuracy. In addition, we performed a comprehensive measurement study on event-synced navigation attacks spread from popular UGC platforms. We found that 34.1% of the fully qualified domain names of malicious websites associated with the event-synced navigation attack were spread from two or more UGC platforms. Finally, we also found that 87.8% of FQDN associated with well-known type of malicious websites (i.e., information theft, survey scams, suspicious browser plugin installations, etc.) survive for more than 100 days and that countermeasures taken by the UGC platform only covered 31.0% of the malicious UGC we detected in this study even though the malicious websites were accessed frequently.\n------------------------------\nThis is a preprint of an article intended for publication Journal of\nInformation Processing(JIP). This preprint should not be cited. This\narticle should be cited as: Journal of Information Processing Vol.30(2022) (online)\nDOI　http://dx.doi.org/10.2197/ipsjjip.30.372\n------------------------------","subitem_description_type":"Other"}]},"item_2_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"The growth of user-generated content service platforms has led to people relying on user-generated content (UGC) rather than search engines when searching for and accessing information on the web. Attackers can also use UGC on a UGC service platform to disseminate web-based social engineering (SE) attacks to a large number of people. In this paper, we focus on an event-synced navigation attack, a type of web-based SE attack that generates UGC with links to malicious websites and distributes it synced with a real-life event at a specific time. To understand the attacks in the wild, we propose a three-step system to detect event-synced navigation attacks in real time by capturing the inevitable footprints left by attackers. We evaluate each step of the proposed system and determine that the proposed system can classify malicious and non-malicious UGC with 97% accuracy. In addition, we performed a comprehensive measurement study on event-synced navigation attacks spread from popular UGC platforms. We found that 34.1% of the fully qualified domain names of malicious websites associated with the event-synced navigation attack were spread from two or more UGC platforms. Finally, we also found that 87.8% of FQDN associated with well-known type of malicious websites (i.e., information theft, survey scams, suspicious browser plugin installations, etc.) survive for more than 100 days and that countermeasures taken by the UGC platform only covered 31.0% of the malicious UGC we detected in this study even though the malicious websites were accessed frequently.\n------------------------------\nThis is a preprint of an article intended for publication Journal of\nInformation Processing(JIP). This preprint should not be cited. This\narticle should be cited as: Journal of Information Processing Vol.30(2022) (online)\nDOI　http://dx.doi.org/10.2197/ipsjjip.30.372\n------------------------------","subitem_description_type":"Other"}]},"item_2_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographic_titles":[{"bibliographic_title":"情報処理学会論文誌"}],"bibliographicIssueDates":{"bibliographicIssueDate":"2022-05-15","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"5","bibliographicVolumeNumber":"63"}]},"relation_version_is_last":true,"weko_creator_id":"44499"},"updated":"2025-01-19T15:19:53.819554+00:00","created":"2025-01-19T01:18:21.502413+00:00","links":{}}