论文信息 - A Novel Framework for Learning to Detect Malicious Web Pages

A Novel Framework for Learning to Detect Malicious Web Pages

Malicious web pages are a widely-recognized threat to the security of the web. Malicious web pages launch so-called drive-by download attacks that are able to gain complete control of a user’s computer for illegitimate purpose. Even a single visit to a malicious web page enables an automatically download and installation of malicious malware executables. In this paper, we propose a novel approach for classifying web pages automatically as either malicious or benign based on a supervised machine learning. Our approach learns to detect malicious web pages exclusively based on HTTP session information (e.g., HTTP session headers, domains of requests and responses). With the corpus of 50,000 benign web pages and 500 malicious web pages, we are capable of successfully detecting 92.2% of the malicious web pages with a low false positive rate 0.1%.

[1] P. Komisarczuk,et al. Identification of Malicious Web Pages with Static Heuristics , 2008, 2008 Australasian Telecommunication Networks and Applications Conference.

[2] Ian Welch,et al. Measurement Study on Malicious Web Servers in the .nz Domain , 2009, ACISP.

[3] Xuxian Jiang,et al. Automated Web Patrol with Strider HoneyMonkeys: Finding Web Sites That Exploit Browser Vulnerabilities , 2006, NDSS.

[4] Niels Provos,et al. The Ghost in the Browser: Analysis of Web-based Malware , 2007, HotBots.

[5] Niels Provos,et al. All Your iFRAMEs Point to Us , 2008, USENIX Security Symposium.

[6] Tsuhan Chen,et al. Malicious web content detection by machine learning , 2010, Expert Syst. Appl..

[7] Damien Deville,et al. SpyProxy: Execution-based Detection of Malicious Web Content , 2007, USENIX Security Symposium.