Cross-layer detection of malicious websites

CODASPY 2013 - Proceedings of the 3rd ACM Conference on Data and Application Security and Privacy

Volumn , Issue , 2013, Pages 141-152

  Xu, Li ^a   Zhan, Zhenxin ^a   Xu, Shouhuai ^a   Ye, Keying ^a  

^a UNIVERSITY OF TEXAS AT SAN ANTONIO   (United States)

Author keywords

Cross layer detection; Dynamic analysis; Hybrid analysis; Malicious URL; Static analysis

Indexed keywords

COMPUTATIONAL LIMITATIONS; CROSS-LAYER; DETECTION APPROACH; DETECTION TECHNIQUE; EVALUATION METHODS; HYBRID ANALYSIS; MALICIOUS URL; STATIC AND DYNAMIC;

DYNAMIC ANALYSIS; STATIC ANALYSIS;

WEBSITES;

EID: 84874838079     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2435349.2435366     Document Type: Conference Paper

References (41)

1. A. A. Benczur, K. Csalogany, T. Sarlos, and M. Uhcr. SpamRank - fully automatic link spam dctcction. In AIRWeb '05, 2005.
2. D. Canali, M. Cova, G. Vigna, and C. Kruegel. Prophilcr: a fast filter for the large-scale detection of malicious web pages. In WWW'11, pages 197-206. ACM, 2011.
3. K. Z. Chen, G. Gu, J. Nazario, X. Han, and J. Zhuge. WebPatrol: Automated collection and replay of web-bascd malware scenarios. In ASIACCS' 11, pages 186-195, 2011.
4. H. Choi, B. B. Zhu, and H. Lee. Detecting malicious web links and identifying their attack types. In WebApps '11, pages 11-11, 2011.
5. C. Cortes and V. Vapnik. Support-vector networks. In Machine Learning, pages 273-297, 1995.
6. M. Cova, C. Kruegel, and G. Vigna. Detection and analysis of drive-by-download attacks and malicious javascript code. In WWW'10, pages 281-290, 2010.
7. T. M. Cover and J. A. Thomas. Elements of Information Theory. Wiley-Interscience, New York, NY, USA, 1991.
8. C. Curtsinger, B. Livshits, B. Zorn, and C. Seifert. ZOZZLE: Fast and precise in-browser javascript malware detection. In USENIX Security, 2011.
9. A. Dewald, T. Holz, and F. C. Freiling. Adsandbox: Sandboxing javascript to fight malicious websites. In SAC'10, pages 1859-1864, 2010.
10. B. Feinstein and D. Peck. Caffeine Monkey: Automated collection, detection and analysis of malicious javascript. In Black Hat '07, 2007.
11. S. Garcra, N. Provos, M. Chew, and A. D. Rubin. A framework for detection and measurement of phishing attacks. In WORM'07, pages 1-8, 2007.
12. M. Hall, E. Frank, G. Holmes, B. Pfahringer, P. Reutemann, and I. H. Witten. The weka data mining software: an update. SIGKDD Explor. News!., pages 10-18, 2009.
13. M. A. Hall. Correlation-based Feature Subset Selection for Machine Learning. PhD thesis, University of Waikato, Hamilton, New Zealand, 1998.
14. Y.-T. Hou, Y. Chang, T. Chen, C.-S. Laih, and C.-M. Chen. Malieious web eontent detection by machine learning. Expert Syst. Appl., pages 55-60, January 2010.
15. Google Safe Browsing API. http://goo.gl/tsXz2.
16. The Ultimate Deobfuscator. http://goo.gl/KVM8w.
17. Capture - Honeypot Client (Capture-HPC). http://goo.gl/u7qJZ.
18. Know your enemy: Malicious web servers. http://goo.gl/tfxQl.
19. Know your enemy: Behind the scenes of malicious web servers, http://goo.gl/MNfTY.
20. netfilter - iptables. http://goo.gl/bfh6F.
21. McAfee SiteAdvisor. http://goo.gl/cfjC.
22. Tcpdump & libcap. http://goo.gl/wt2W.
23. G. H. John and P. Langley. Estimating continuous distributions in Bayesian classifiers. UAI, pages 338-345, 1995.
24. A. Kapravelos, M. Cova, C. Kruegel, and G. Vigna. Escape from monkey island: Evading high-interaction honeyclients. In DIMVA'11, 2011.
25. S. le Cessie and J. van Houwelingen. Ridge estimators in logistic regression. Applied Statistics, pages 191-201, 1992.
26. J. Ma, L. K. Saul, S. Savage, and G. M. Voelker. Beyond blacklists: Learning to detect malicious web sites from suspicious urls. In KDD'09, pages 1245-1254, 2009.
27. T. F. Mario Heiderich and T. Holz. IceShicld: Detection and mitigation of malicious websites with a frozen DOM. In RAID'11, pages 281-300, 2011.
28. J. Nazario. PhoneyC: a virtual client honeypot. In LEET'09, 2009.
29. Y. Niu, Y. min Wang, H. Chen, M. Ma, and F. Hsu. A quantitative study of forum spamming using contcxtbased analysis. In NDSS'07, 2007.
30. W. Palant. JavaScript Deobfuscator. http://goo.gl/u80Va.
31. J. C. Piatt. Fast training of support vector machines using sequential minimal optimization. In Advances in Kernel Methods, pages 185-208. MIT Press, 1999.
32. N. Provos, P. Mavrommatis, M. A. Rajab, and F. Monrose. All your iframes point to us. In USENIXSecurity, 2008.
33. Z. Qian, Z. M. Mao, Y. Xie, and F. Yu. On network-level clusters for spam detection. In NDSS'10, 2010.
34. R. Quinlan. C4.5: Programs for Machine Learning. Morgan Kaufmann Publishers Inc., San Mateo, CA, 1993.
35. M. Rajab, L. Ballard, N. Jagpal, P. Mavrommatis, D. Nojiri, N. Provos, and L. Schmidt. Trends in circumventing web-malware detection. Technical report, Google, 2011.
36. K. Rieek. T. Krueger, and A. Dewald. Cujo: efficient detection and prevention of drive-by-download attacks. In ACSAC'10, pages 31-39, 2010.
37. Sophos Corporation. Security Threat Report Update 07/2008. http://goo.gl/pg8HE.
38. K. Thomas, C. Grier, J. Ma, V. Paxson, and D. Song. Design and evaluation of a real-tune url spam filtering service. In S&P'Jly 2011.
39. Y.-M. Wang, D. Beck, X. Jiang, and R. Roussev. Automated web patrol with stridcr honeymonkcys: Finding web sites that exploit browser vulnerabilities. In NDSS'06, 2006.
40. C. Whittaker, B. Ryner, and M. Nazif. Large-scale automatic classification of plushmg pages. In NDSS'JO, 2010.
41. J. Zhang, C. Seifert, J. W. Stokes, and W. Lee. ARROW: Generating signatures to detect drive-by downloads. In WWW'17, pages 187-196, 2011.