ALICE@home: Distributed Framework for Detecting Malicious Sites

Malware silently infects millions of systems every year through drive-by downloads, i.e., client-side exploits against web browsers or browser helper objects that are triggered when unsuspecting users visit a page containing malicious content. Identifying and blacklisting websites that distribute malicious content or redirect to a distributing page is an important part of our defense strategy against such attacks. However, building such lists is fraught with challenges of scale, timeliness and deception due to evasive strategies employed by adversaries. In this work, we describe alice@home, a distributed approach to overcoming these challenges and actively identifying malware distribution sites.

[1]  Jose Nazario,et al.  PhoneyC: A Virtual Client Honeypot , 2009, LEET.

[2]  Niels Provos,et al.  All Your iFRAMEs Point to Us , 2008, USENIX Security Symposium.

[3]  Xuxian Jiang,et al.  Automated Web Patrol with Strider HoneyMonkeys: Finding Web Sites That Exploit Browser Vulnerabilities , 2006, NDSS.

[4]  Steven D. Gribble,et al.  A Crawler-based Study of Spyware in the Web , 2006, NDSS.

[5]  Damien Deville,et al.  SpyProxy: Execution-based Detection of Malicious Web Content , 2007, USENIX Security Symposium.

[6]  E.P. Markatos,et al.  Honey@home: A New Approach to Large-Scale Threat Monitoring , 2008, 2008 WOMBAT Workshop on Information Security Threats Data Collection and Sharing.