In the case of drive-by download attacks, most malicious web sites identify the software environment of the clients and change their behavior. Then we cannot always obtain sufficient information appropriate to the client organization by automatic dynamic analysis in open services. It is required to prepare for expected incidents caused by re-accessing same malicious web sites from the other client in the organization. To authors' knowledge, there is no study of utilizing analysis results of malicious web sites for digital forensic on the incident and hedging the risk of expected incident in the organization. In this paper, we propose a system for evaluating the impact of accessing malicious web sites by using the results of multi-environment analysis. Furthermore, we report the results of evaluating malicious web sites by the multi-environment analysis system, and show how to utilize analysis results for forensic analysis and risk hedge based on actual cases of analyzing malicious web sites.
We propose a method for efficiently detecting phishing attacks in mobile environments. When a user visits a website of a certain URL, the proposed method first compares the URL to a generated whitelist. If the URL is not in the whitelist, it detects if the site is a phishing site based on the results of Google search with a carefully refined URL. In addition, the phishing detection is performed only when the user provides input to the website, thereby reducing the frequency of invoking phishing detection to decrease the amount of power used. We implemented the proposed method and used 8315 phishing sites and the same number of legitimate websites for evaluating the performance of the proposed method. We achieved a phishing detection rate of 99.22% with 81.22% reduction in energy consumption as compared to existing approaches that also use search engine for phishing detection. Moreover, because the proposed method does not employ any other algorithm, software, or comparison group, the proposed method can be easily deployed.