Identification of malicious web pages with static heuristics

Seifert, Christian, Komisarczuk, Peter and Welch, Ian (2008) Identification of malicious web pages with static heuristics. In: 2008 Australasian Telecommunication Networks and Applications Conference (ATNAC 2008), 07-10 Dec 2008, Adelaide, Australia.

Full text not available from this repository.

Abstract

Malicious web pages that launch client-side attacks on web browsers have become an increasing problem in recent years. High- interaction client honeypots are security devices that can detect these malicious web pages on a network. However, high-interaction client honeypots are both resource-intensive and known to miss attacks. This paper presents a novel classification method for detecting malicious web pages that involves inspecting the underlying static attributes of the initial HTTP response and HTML code. Because malicious web pages import exploits from remote resources and hide exploit code, static attributes characterizing these actions can be used to identify a majority of malicious web pages. Combining high-interaction client honeypots and this new classification method into a hybrid system leads to significant performance improvements.

Item Type: Conference or Workshop Item (Paper)
Subjects: Computing
Depositing User: Vani Aul
Date Deposited: 21 Mar 2014 14:41
Last Modified: 14 Mar 2017 16:29
URI: http://repository.uwl.ac.uk/id/eprint/796

Actions (login required)

View Item View Item

Menu