摘要:As the web browsers are used in a broad range of applications recently, the damages caused by web exploit kits also increase, however, it is known to difficult to detect them. When a user accesses a web page infected by a web exploit kit, the page would be redirected to another page without the user's intention, and the new page would begin downloading a malicious code, thus having the malicious code make an intrusion damage on the system. In this paper, we analyze the infection path of a web exploit kit using open traffic data which have been captured on a victim system as well as some intermediate systems. We trace both the redirection process from the infected web page to another web pages and the downloading process at the malware distribution site, and show the visual information on the infection path in a graphical way. The graph information on infection path could be utilized to detect and countermeasure the web exploit kits.
关键词:web exploit kit; web browser; graph representation; packet traffic analysis
