Detecting and characterizing malicious websites

Date
2014
Authors
Xu, Li
Journal Title
Journal ISSN
Volume Title
Publisher
Abstract

Malicious websites have become a big cyber threat. Given that malicious websites are inevitable, we need good solutions for detecting them. The present dissertation makes three contributions that are centered on addressing the malicious websites problem. First, it presents a novel cross-layer method for detecting malicious websites, which essentially exploits the network-layer "lens" to expose more information about malicious websites. Evaluation based on some real data shows that cross-layer detection is about 50 times faster than the dynamic approach, while achieving almost the same detection effectiveness (in terms of accuracy, false -negative rate, and false-positive rate). Second, it presents a novel proactive detection method to deal with adaptive attacks that can be exploited to evade the static detection approach. By formulating a novel security model, it characterizes when proactive detection can achieve significant success against adaptive attacks. Third, it presents statistical characteristics on the evolution of malicious websites. The characteristics offer deeper understanding about the threat of malicious websites.

Description
The author has granted permission for their work to be available to the general public.
Keywords
Cross-layer deteciton, dynamic analysis, hybrid analysis, Malicious URL, static analysis
Citation
Department
Computer Science