KDDI R&D Laboratories and SecureBrain Develop New Technology to Prevent Infection by Malware Due to Falsified Websites Field Tests Launched for “Framework for Countering Drive-by Downloads”

August 5, 2015
KDDI R&D Laboratories, Inc.
SecureBrain Corporation

SAITAMA, JAPAN, August 5, 2015 —KDDI R&D Laboratories, Inc. and SecureBrain Corporation announced today their newly developed “Framework for Countering Drive-by Downloads,” a new user participation-type system that prevents infection by malware due to falsified websites, a type of attack known as a drive-by download (DBD). As one element of their R&D efforts, KDDI R&D Laboratories and SecureBrain entered into a collaboration on July 1, 2015 with Japan’s National Institute of Information and Communications Technology (NICT) to field test the framework, and they are now looking for test participants.

In recent years cyber-attacks have become increasingly sophisticated and well-organized. In particular, attackers who exploit the web browser and plug-in vulnerabilities of users who have accessed web sites have caused an increasing amount of damage, using DBD attacks that coercively infect user’s machines with malware or other malware. KDDI R&D Laboratories and SecureBrain, as commissioned by NICT, are moving forward with R&D on the Framework for Countering Drive-by Downloads (FC-DBD), a user participation-type DBD countermeasure framework that can defend against today’s increasingly threatening, well-organized cyber-attacks. Here are the roles of the three partners:

- KDDI R&D Laboratories: Development of the FC-DBD system and development of the DBD attack site detection method

- SecureBrain: Handling field test participant recruitment and development of analytical techniques for web content

- NICT: Field test oversight, extraction and analysis of DBD attack site characteristics

The FC-DBD asks cooperating users to install browser observation software on their PCs. This enables effective monitoring of vast areas of the web through users’ everyday web browsing, with which will help to streamline the detection of DBD attacks.

With these field tests, KDDI R&D Laboratories and SecureBrain intend to confirm the validity of the FC-DBD, and are seeking participants for the framework. Under the FC-DBD, participants install browser observation software on their PCs to help the test detect DBD attacks. Following the test, they will also be asked to complete a survey. Those participating in the tests will be presented with an e-gift, equivalent in value to 2,000 yen, which is exchangeable for a variety of forms of e-money or points.

The FC-DBD implements a structure whereby participating individuals are kept anonymous, with no way to discern identities based on the data they provide. Prior to the start of these field tests, key figures in the field of privacy were invited to attend a review session where the details of implementation were discussed. The goal is for users to participate in the FC-DBD with peace of mind.

Please see the attached documents with regard to field test participation methods and commitment to privacy.

KDDI R&D Laboratories, SecureBrain and NICT aim to leverage the R&D and field tests of the FC-DBD to help build a safe, secure society that is resilient in the face of cyber-attacks.

For further information, please see the separate materials, as below.

Reference Material (In Japanese)

END

※The information contained in the articles is current at the time of publication.Products, service fees, service content and specifications, contact information, and other details are subject to change without notice.