Identification of malicious web pages with static heuristics

Seifert, C., Komisarczuk, Peter and Welch, I. (2008) Identification of malicious web pages with static heuristics. In: The Australasian Telecommunication Networks and Applications Conference, 07-10 December 2008, Adelaide, Australia.

Full text not available from this repository.


Malicious web pages that launch client-side attacks
on web browsers have become an increasing problem in recent
years. High- interaction client honeypots are security devices that
can detect these malicious web pages on a network. However,
high-interaction client honeypots are both resource-intensive and
known to miss attacks. This paper presents a novel classification
method for detecting malicious web pages that involves inspecting
the underlying static attributes of the initial HTTP response
and HTML code. Because malicious web pages import exploits
from remote resources and hide exploit code, static attributes
characterizing these actions can be used to identify a majority
of malicious web pages. Combining high-interaction client honeypots
and this new classification method into a hybrid system
leads to significant performance improvements.

Item Type: Conference or Workshop Item (Paper)
Subjects: Computing
Depositing User: Vani Aul
Date Deposited: 21 Mar 2014 14:41
Last Modified: 11 Dec 2015 10:46

Actions (login required)

View Item View Item