Survey on Malicious Web Pages Detection Techniques

The World Wide Web has become an inseparable part of millions of people who use online services e.g. online banking, online shopping, social networking, e-commerce, and store and manage user sensitive information, etc. In fact, it is a popular tool for any class of user over the Internet. Rich Web based applications are available over the World Wide Web to provide such types of services. At the same time, the Web has become an important means for people to interact with each other and do business. This is the positive side of this technology. Unfortunately, the Web has also become a more dangerous place. The popularity of World Wide Web has also attracted intruders and attackers. These intruders abuse the Internet and users by performing illegitimate activity for financial profit. The Web pages that contain such types of attacks or malicious code are called as malicious Web pages. While the existing approaches are good indicators in detecting malicious Web pages, there are still open issues in Web page features selection and detection techniques. In this paper, we are giving an extensive survey of existing malicious Web pages detection approaches and features they have used.

[1]  Wang Tao,et al.  A Novel Framework for Learning to Detect Malicious Web Pages , 2010, 2010 International Forum on Information Technology and Applications.

[2]  Andrew H. Sung,et al.  Learning to Detect Phishing Webpages , 2014, J. Internet Serv. Inf. Secur..

[3]  Justin Tung Ma,et al.  Learning to detect malicious URLs , 2011, TIST.

[4]  YoungHan Choi,et al.  Automatic Detection for JavaScript Obfuscation Attacks in Web Pages through String Pattern Analysis , 2009, FGIT.

[5]  Andrew H. Sung,et al.  Classifying Phishing Emails Using Confidence-Weighted Linear Classifiers , 2010 .

[6]  Ian Welch,et al.  Two-Stage Classification Model to Detect Malicious Web Pages , 2011, 2011 IEEE International Conference on Advanced Information Networking and Applications.

[7]  Andreas Dewald,et al.  Forschungsberichte der Fakultät IV – Elektrotechnik und Informatik C UJO : Efficient Detection and Prevention of Drive-by-Download Attacks , 2010 .

[8]  Christopher Krügel,et al.  Detection and analysis of drive-by-download attacks and malicious JavaScript code , 2010, WWW '10.

[9]  Lawrence K. Saul,et al.  Beyond blacklists: learning to detect malicious web sites from suspicious URLs , 2009, KDD.

[10]  Komminist Weldemariam,et al.  BINSPECT: Holistic Analysis and Detection of Malicious Web Pages , 2012, SecureComm.

[11]  Heejo Lee,et al.  Detecting Malicious Web Links and Identifying Their Attack Types , 2011, WebApps.

[12]  Niels Provos,et al.  All Your iFRAMEs Point to Us , 2008, USENIX Security Symposium.

[13]  Lawrence K. Saul,et al.  Identifying suspicious URLs: an application of large-scale online learning , 2009, ICML '09.

[14]  Giovanni Vigna,et al.  Prophiler: a fast filter for the large-scale detection of malicious web pages , 2011, WWW.

[15]  Dawei Wang,et al.  Malicious Web Pages Detection Based on Abnormal Visibility Recognition , 2009, 2009 International Conference on E-Business and Information System Security.

[16]  Bin Zhao,et al.  Malicious web page detection based on on-line learning algorithm , 2011, 2011 International Conference on Machine Learning and Cybernetics.