Analyzing the ecosystem of malicious URL redirection through longitudinal observation from honeypots
Today, websites are exposed to various threats that exploit their vulnerabilities. A compromised website will be used as a stepping-stone and will serve attackers' evil purposes. For instance, URL redirection mechanisms have been widely used as a means to perform web-based attacks covertly; i.e...
| Published in | Computers & Security Vol. 69; pp. 155 - 173 |
|---|---|
| Main Authors | Akiyama, Mitsuaki; Yagi, Takeshi; Yada, Takeshi; Mori, Tatsuya; Kadobayashi, Youki |
| Format | Journal Article |
| Language | English |
| Published | Amsterdam: Elsevier Ltd, 01.08.2017. Elsevier BV; Elsevier Sequoia S.A |
| ISSN | 0167-4048, 1872-6208 |
| DOI | 10.1016/j.cose.2017.01.003 |
| Abstract | Today, websites are exposed to various threats that exploit their vulnerabilities. A compromised website will be used as a stepping-stone and will serve attackers' evil purposes. For instance, URL redirection mechanisms have been widely used as a means to perform web-based attacks covertly; i.e., an attacker injects a redirect code into a compromised website so that a victim who visits the site will be automatically navigated to a malware distribution site. Although many defense operations against malicious websites have been developed, we still encounter many active malicious websites today. As we will show in the paper, we infer that the reason is associated with the evolution of the ecosystem of malicious redirection. Given this background, we aim to understand the evolution of the ecosystem through long-term measurement. To this end, we developed a honeypot-based monitoring system, which specializes in monitoring the behavior of URL redirections. We deployed the monitoring system across four years and collected more than 100K malicious redirect URLs, which were extracted from 776 distinct websites. Our chief findings can be summarized as follows: (1) Click-fraud has become another motivation for attackers to employ URL redirection, (2) The use of web-based domain generation algorithms (DGAs) has become popular as a means to increase the entropy of redirect URLs to thwart URL blacklisting, and (3) Both domain-flux and IP-flux are concurrently used for deploying the intermediate sites of redirect chains to ensure robustness of redirection. Based on the results, we also present practical countermeasures against malicious URL redirections. Security/network operators can leverage useful information obtained from the honeypot-based monitoring system. For instance, they can disrupt infrastructures of web-based attack by taking down domain names extracted from the monitoring system. They can also collect web advertising/tracking IDs, which can be used to identify the criminals behind attacks. |
| Author | Yada, Takeshi Yagi, Takeshi Akiyama, Mitsuaki Kadobayashi, Youki Mori, Tatsuya |
| Author affiliations | 1. Mitsuaki Akiyama (ORCID 0000-0001-7052-8562; akiyama.mitsuaki@lab.ntt.co.jp), NTT Secure Platform Laboratories, Tokyo, Japan; 2. Takeshi Yagi, NTT Secure Platform Laboratories, Tokyo, Japan; 3. Takeshi Yada, NTT Secure Platform Laboratories, Tokyo, Japan; 4. Tatsuya Mori, Waseda University, Tokyo, Japan; 5. Youki Kadobayashi, Nara Institute of Science and Technology, Ikoma, Nara, Japan |
| ContentType | Journal Article |
| Copyright | 2017 The Author(s) Copyright Elsevier Sequoia S.A. Aug 2017 |
| Discipline | Computer Science Law |
| EISSN | 1872-6208 |
| EndPage | 173 |
| IsDoiOpenAccess | true |
| IsOpenAccess | true |
| IsPeerReviewed | true |
| IsScholarly | true |
| Keywords | Compromised website Domain generation algorithm Drive-by download URL redirection Honeypot |
| Language | English |
| License | This is an open access article under the CC BY license. cc-by |
| ORCID | 0000-0001-7052-8562 0000-0003-1583-4174 |
| OpenAccessLink | https://www.sciencedirect.com/science/article/pii/S016740481730007X |
| PageCount | 19 |
| PublicationDate | August 2017 (2017-08-01) |
| PublicationTitle | Computers & Security |
| PublicationYear | 2017 |
| Publisher | Elsevier Ltd Elsevier BV Elsevier Sequoia S.A |
| StartPage | 155 |
| SubjectTerms | Compromised website Computer Science(all) Cybersecurity Domain generation algorithm Domain names Drive-by download Ecological monitoring Environmental engineering Evolution Fraud Honeypot Law Malware Monitoring systems Network security Studies URL redirection URLs Websites |
| Title | Analyzing the ecosystem of malicious URL redirection through longitudinal observation from honeypots |
| Volume | 69 |