Analysis of Redirection Caused by Web-based Malware

Web-based malicious software (malware) has been increasing over the Internet. It poses threats to computer users through Web sites. Computers are infected with Web-based malware by drive-by-download attacks. Drive-by-download attacks force users to download and install the Web-based malware without being aware of it. These attacks evade detection by using automatic redirections to various Web sites. It is difficult to detect these attacks because each redirection uses the obfuscation technique. This paper analyzes the HTTP communication data of drive-by-download attacks. The results show significant features of the malicious redirections that are used effectively when we detect malware