Detecting and characterizing malicious websites

Malicious websites have become a big cyber threat. Given that malicious websites are inevitable, we need good solutions for detecting them. The present dissertation makes three contributions that are centered on addressing the malicious websites problem. First, it presents a novel cross-layer method for detecting malicious websites, which essentially exploits the network-layer "lens" to expose more information about malicious websites. Evaluation based on some real data shows that cross-layer detection is about 50 times faster than the dynamic approach, while achieving almost the same detection effectiveness (in terms of accuracy, false -negative rate, and false-positive rate). Second, it presents a novel proactive detection method to deal with adaptive attacks that can be exploited to evade the static detection approach. By formulating a novel security model, it characterizes when proactive detection can achieve significant success against adaptive attacks. Third, it presents statistical characteristics on the evolution of malicious websites. The characteristics offer deeper understanding about the threat of malicious websites.