BLACKLISTING OF MALICIOUS WEB PAGES BY EVALUATION OF DOMAIN REGISTRATION INFORMATION

Malicious web pages that host drive-by download exploits have become a popular means by which attackers deliver malicious content onto computers across the internet. As a result of the increase in drive-by download attacks, researchers have developed systems to detect and stop such attacks. Blacklisting, and in particular URL blacklisting, is one of the main methods. URL blacklists are, however, prone to evasion attacks when the lexical structure of the URL changes. In this paper, we propose the use of domain-related information for the detection of drive-by download web pages. These domain features are used to model a classification system based on a scoring mechanism. We show the effectiveness of detecting malicious web pages using domain-based features by obtaining a high detection rate and a relatively low false negative rate.
