SpiderNet: An interaction tool for predicting malicious web pages

Malicious code injection poses a serious security issue over the Internet or over the Web application. In malicious code injection attacks, hackers can take advantage of defectively coded Web application software to initiate malicious code into the organization's systems and network. The vulnerability persevere when a Web application do not properly sanitize the data entered by the user on a Web page. Attacker can steal confidential data of the user like password, pin number, and etc., these attacks resulting defeat of market value of the organization. This research work is model the malicious Web page prediction as a classification task and provides a convenient solution by using a powerful machine learning technique such as Support Vector Machine (SVM), Extreme Learning Machine (ELM). The main aim of this research work is to predict the type of the malicious attack like Redirect, Script injection and XSS using the machine learning approaches; in this case, the prediction time is taken into consideration. The supervised learning algorithms such as SVM and ELM are employed for implementing the prediction model.

[1]  Dawn Xiaodong Song,et al.  Design and Evaluation of a Real-Time URL Spam Filtering Service , 2011, 2011 IEEE Symposium on Security and Privacy.

[2]  Amaury Lendasse,et al.  OP-ELM: Theory, Experiments and a Toolbox , 2008, ICANN.

[3]  Lawrence K. Saul,et al.  Beyond blacklists: learning to detect malicious web sites from suspicious URLs , 2009, KDD.

[4]  Marc Najork,et al.  Detecting spam web pages through content analysis , 2006, WWW '06.

[5]  Geoff Hulten,et al.  Spamming botnets: signatures and characteristics , 2008, SIGCOMM '08.

[6]  Chee Kheong Siew,et al.  Extreme learning machine: Theory and applications , 2006, Neurocomputing.

[7]  Massimiliano Pontil,et al.  Support Vector Machines: Theory and Applications , 2001, Machine Learning and Its Applications.

[8]  Benjamin G. Zorn,et al.  Zozzle: Low-overhead Mostly Static JavaScript Malware Detection , 2010 .

[9]  Christopher Krügel,et al.  Cross Site Scripting Prevention with Dynamic Data Tainting and Static Analysis , 2007, NDSS.

[10]  Benjamin Livshits,et al.  ZOZZLE: Fast and Precise In-Browser JavaScript Malware Detection , 2011, USENIX Security Symposium.

[11]  Thomas Lavergne,et al.  Tracking Web spam with HTML style similarities , 2008, TWEB.

[12]  S. Krishnaveni Efficient Prediction of Cross-Site Scripting Web Pages using Extreme Learning Machine , 2013 .

[13]  Christopher Krügel,et al.  Detection and analysis of drive-by-download attacks and malicious JavaScript code , 2010, WWW '10.

[14]  Michael D. Ernst Static and dynamic analysis: synergy and duality , 2003 .

[15]  Lipo Wang Support vector machines : theory and applications , 2005 .

[16]  P. Komisarczuk,et al.  Identification of Malicious Web Pages with Static Heuristics , 2008, 2008 Australasian Telecommunication Networks and Applications Conference.

[17]  Eduardo Feitosa,et al.  Automatic classification of cross-site scripting in web pages using document-based and URL-based features , 2012, 2012 IEEE Symposium on Computers and Communications (ISCC).

[18]  Giovanni Vigna,et al.  Prophiler: a fast filter for the large-scale detection of malicious web pages , 2011, WWW.