Detecting Malicious Landing Pages in Malware Distribution Networks
dc.contributor.author | Wang, Gang Alan | en |
dc.contributor.author | Stokes, Jack W. | en |
dc.contributor.author | Herley, Cormac | en |
dc.contributor.author | Felstead, David | en |
dc.contributor.department | Computer Science | en |
dc.date.accessioned | 2018-05-31T14:37:49Z | en |
dc.date.available | 2018-05-31T14:37:49Z | en |
dc.date.issued | 2013-06 | en |
dc.description.abstract | Drive-by download attacks attempt to compromise a victim’s computer through browser vulnerabilities. Often they are launched from Malware Distribution Networks (MDNs) consisting of landing pages to attract traffic, intermediate redirection servers, and exploit servers which attempt the compromise. In this paper, we present a novel approach to discovering the landing pages that lead to drive-by downloads. Starting from partial knowledge of a given collection of MDNs we identify the malicious content on their landing pages using multiclass feature selection. We then query the webpage cache of a commercial search engine to identify landing pages containing the same or similar content. In this way we are able to identify previously unknown landing pages belonging to already identified MDNs, which allows us to expand our understanding of the MDN. We explore using both a rule-based and classifier approach to identifying potentially malicious landing pages. We build both systems and independently verify using a high-interaction honeypot that the newly identified landing pages indeed attempt drive-by downloads. For the rule-based system 57% of the landing pages predicted as malicious are confirmed, and this success rate remains constant in two large trials spaced five months apart. This extends the known footprint of the MDNs studied by 17%. The classifier-based system is less successful, and we explore possible reasons. | en |
dc.identifier.uri | http://hdl.handle.net/10919/83428 | en |
dc.language.iso | en_US | en |
dc.publisher | IEEE | en |
dc.relation.ispartof | DSN 2013: 43rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks | en |
dc.rights | In Copyright | en |
dc.rights.uri | http://rightsstatements.org/vocab/InC/1.0/ | en |
dc.subject | Drive-by download | en |
dc.subject | malware distribution network | en |
dc.subject | signature | en |
dc.title | Detecting Malicious Landing Pages in Malware Distribution Networks | en |
dc.type | Conference proceeding | en |
dc.type | Presentation | en |
Files
Original bundle
- Name: WangMaliciousLanding2013.pdf
- Size: 249 KB
- Format: Adobe Portable Document Format