Le, Van Lam, Welch, Ian, Gao, Xiaoying Sharon and Komisarczuk, Peter (2011) Identification of potential malicious web pages. In: Proceedings of the Ninth Australasian Information Security Conference (AISC 2011), 17-20 Jan 2011, Perth, Australia.
CRPITV116Le.pdf - Accepted Version
Download (123kB) | Preview
Malicious web pages are an emerging security concern on the Internet due to their popularity and their potential serious impact. Detecting and analysing them are very costly because of their qualities and complexities. In this paper, we present a lightweight scoring mechanism that uses static features to identify potential malicious pages. This mechanism is intended as a filter that allows us to reduce the number suspicious web pages requiring more expensive analysis by other mechanisms that require loading and interpretation of the web pages to determine whether they are malicious or benign. Given its role as a filter, our main aim is to reduce false positives while minimising false negatives. The scoring mechanism has been developed by identifying candidate static features of malicious web pages that are evaluate using a feature selection algorithm. This identifies the most appropriate set of features that can be used to efficiently distinguish between benign and malicious web pages. These features are used to construct a scoring algorithm that allows us to calculate a score for a web page's potential maliciousness. The main advantage of this scoring mechanism compared to a binary classifier is the ability to make a trade-off between accuracy and performance. This allows us to adjust the number of web pages passed to the more expensive analysis mechanism in order to tune overall performance.
|Item Type:||Conference or Workshop Item (Paper)|
|Additional Information:||© 2011 Australian Computer Society, Inc|
|Uncontrolled Keywords:||Internet Security, Drive-by-download, malicious web page|
|Depositing User:||Vani Aul|
|Date Deposited:||21 Mar 2014 15:13|
|Last Modified:||14 Mar 2017 10:29|
Downloads per month over past year
Actions (login required)