Detecting and characterizing malicious websites

Date

2014

Authors

Xu, Li

Journal Title

Journal ISSN

Volume Title

Publisher

Abstract

Malicious websites have become a big cyber threat. Given that malicious websites are inevitable, we need good solutions for detecting them. The present dissertation makes three contributions that are centered on addressing the malicious websites problem. First, it presents a novel cross-layer method for detecting malicious websites, which essentially exploits the network-layer "lens" to expose more information about malicious websites. Evaluation based on some real data shows that cross-layer detection is about 50 times faster than the dynamic approach, while achieving almost the same detection effectiveness (in terms of accuracy, false -negative rate, and false-positive rate). Second, it presents a novel proactive detection method to deal with adaptive attacks that can be exploited to evade the static detection approach. By formulating a novel security model, it characterizes when proactive detection can achieve significant success against adaptive attacks. Third, it presents statistical characteristics on the evolution of malicious websites. The characteristics offer deeper understanding about the threat of malicious websites.

Description

The author has granted permission for their work to be available to the general public.

Keywords

Cross-layer deteciton, dynamic analysis, hybrid analysis, Malicious URL, static analysis

Citation

Department

Computer Science