Identification of malicious web pages with static heuristics

Proceedings of the 2008 Australasian Telecommunication Networks and Applications Conference, ATNAC 2008

Volumn , Issue , 2008, Pages 91-96

  Seifert, Christian ^a   Welch, Ian ^a   Komisarczuk, Peter ^a  

^a VICTORIA UNIVERSITY OF WELLINGTON   (New Zealand)

Author keywords

Client honeypots; Drive by downloads; Intrusion detection; Security

Indexed keywords

CLASSIFICATION METHODS; CLIENT HONEYPOTS; PERFORMANCE IMPROVEMENTS; REMOTE RESOURCES; SECURITY; SECURITY DEVICES; WEB PAGES;

INTRUSION DETECTION; MARKUP LANGUAGES; TELECOMMUNICATION NETWORKS; TELECOMMUNICATION SYSTEMS; WORLD WIDE WEB;

WEB BROWSERS;

EID: 64349114005     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ATNAC.2008.4783302     Document Type: Conference Paper

References (24)

1. K. Wang, "Honeyclient," vol. 2007, no. 1/2/2007, 2005, p. available from http://www.honeyclient.org/trac; accessed on 2 Janurary 2007.
2. Y.-M. Wang, D. Beck, X. Jiang, R. Roussev, C. Verbowski, S. Chen, and S. King, "Automated web patrol with strider honeymonkeys: Finding web sites that exploit browser vulnerabilities," in 13th Annual Network and Distributed System Security Symposium. San Diego: Internet Society, 2006.
3. A. Moshchuk, T. Bragin, S. D. Gribble, and H. M. Levy, "A crawlerbased study of spyware on the web," in 13th Annual Network and Distributed System Security Symposium. San Diego: The Internet Society, 2006.
4. C. Seifert and R. Steenson, "Capture - honeypot client," 2006, pp. available from https://www.client--honeynet.org/capture.html; accessed on 22 September 2007.
5. C. Seifert, "Know your enemy: Behind the scenes of malicious web servers." The Honeynet Project, 2007, p. available from http:/www.honeynet.org/papers/wek; accessed on 7 November 2007.
6. Netscape Communications Corporation, "DMOZ open directory project," 1998, p. available from http://www.dmoz.org; accessed on 13 October 2007.
7. D. Filo and J. Wang, "Yahoo! search engine," 1994, p. available from http://www.yahoo.com/; accessed on 20 November 2007.
8. I. H. Witten and E. Frank, Data Mining: Practical machine learning tools and techniques, 2nd ed. San Francisco: Morgan Kaufmann, 2005.
9. HauteSecure, "Home page," 2006, p. available from http://www.hautesecure.com; accessed on 13 September 2008.
10. C. Seifert, P. Komisarczuk, and I. Welch, "Application of divide-andconquer algorithm paradigm to improve the detection speed of high interaction client honeypots," in 23rd Annual ACM Symposium on Applied Computing. Ceara: ACM, 2008.
11. C. Seifert, "Improving detection accuracy and speed with hybrid client honeypots, phd proposal," vol. 2007. Victoria University of Wellington, 2007, pp. available from http://www.mcs.vuw.ac.nz/~cseifert/ publications/Cseifert phd proposal--Hybrid Client Honeypots.pdf; accessed on 22 March 2007.
12. C. Seifert, I. Welch, and P. Komisarczuk, "Honeyc - the low-interaction client honeypot," in NZCSRCS, Hamilton, 2007.
13. N. Provos and T. Holz, "Client honeypots," in Virtual Honeypots: From Botnet Tracking to Intrusion Detection. Upper Saddle River, NJ: Addison Wesley Professional, 2007, pp. 231-272.
14. B. Feinstein and D. Peck, "Caffeine monkey: Automated collection, detection and analysis of malicious javascript," in Black Hat USA 2007, Las Vegas, 2007.
15. N. Provos, D. McNamee, P. Mavrommatis, K. Wang, and N. Modadugu, "The ghost in the browser: Analysis of web-based malware," in Hot-Bots'07. Cambridge: Usenix, 2007.
16. N. Provos, P. Mavrommatis, M. A. Rajab, and F. Monrose, "All your iframes point to us." Google Inc., 2008, pp. available from http://googleonlinesecurity.blogspot.com/2008/02/ all-your-iframe-are-point-to- us.html; accessed on 15 Feburary 2008.
17. C. Reis, J. Dunagan, H. J. Wang, O. Dubrovsky, and S. Esmeir, "Browsershield: Vulnerability-driven filtering of dynamic html," in 7th USENIX Symposium on Operating Systems Design and Implementation. Seattle: Usenix, 2006.
18. M. Ernst, "Self-defending software: Collaborative learning for security," 2008.
19. K. Anagnostakis, S. Sidiroglou, P. Akritidis, K. Xinidis, E. Markatos, and A. Keromytis, "Detecting targeted attacks using shadow honeypots," in 14th USENIX Security Symposium. Baltimore: Usenix, 2005.
20. A. Moshchuk, T. Bragin, D. Deville, S. D. Gribble, and H. M. Levy, "Spyproxy: Execution-based detection of malicious web content," in Proceedings of the 16th USENIX Security Symposium, Boston, MA, August 2007.
21. S. Sidiroglou, J. Ioannidis, A. Keromytis, and S. J. Stolfo, "An email worm vaccine architecture," in 1st Information Security Practice and Experience Conference, Singapore, 2005.
22. F. Pouget and T. Holz, "A pointillist approach for comparing honeypots," in DIMVA, Vienna, 2005.
23. S. Axelsson, "The base-rate fallacy and its implications for the difficulty of intrusion detection," in 6th ACM Conference on Computer and Communications Security. Singapore: ACM Press, 1999.
24. Microsoft Cooperation, "Microsoft security bulletin ms06-055: Vulnerability in vector markup language could allow remote code execution," 2006, pp. available from http://www.microsoft.com/technet/security/Bulletin/ MS06--055.mspx; accessed on 14 February 2007.