Title :
Identification of Malicious Web Pages with Static Heuristics
Author :
Seifert, Christian ; Welch, Ian ; Komisarczuk, Peter
Author_Institution :
Victoria Univ. of Wellington, Wellington, New Zealand
Abstract :
Malicious web pages that launch client-side attacks on web browsers have become an increasing problem in recent years. High-interaction client honeypots are security devices that can detect these malicious web pages on a network. However, high-interaction client honeypots are both resource-intensive and known to miss attacks. This paper presents a novel classification method for detecting malicious web pages that involves inspecting the underlying static attributes of the initial HTTP response and HTML code. Because malicious web pages import exploits from remote resources and hide exploit code, static attributes characterizing these actions can be used to identify a majority of malicious web pages. Combining high-interaction client honeypots and this new classification method into a hybrid system leads to significant performance improvements.
Keywords :
Internet; Web sites; computer crime; client-side attacks; high-interaction client honeypots; malicious web page identification; static attributes; web browsers; Computer displays; Control systems; Electronic mail; File servers; HTML; Intrusion detection; Network servers; Resource virtualization; Web pages; Web server; Client Honeypots; Drive-by-downloads; Intrusion Detection; Security;
Conference_Titel :
Telecommunication Networks and Applications Conference, 2008. ATNAC 2008. Australasian
Conference_Location :
Adelaide, SA
Print_ISBN :
978-1-4244-2602-7
Electronic_ISBN :
978-1-4244-2603-4
DOI :
10.1109/ATNAC.2008.4783302
