Detecting Malicious Landing Pages in Malware Distribution Networks

dc.contributor.author: Wang, Gang Alan (en)
dc.contributor.author: Stokes, Jack W. (en)
dc.contributor.author: Herley, Cormac (en)
dc.contributor.author: Felstead, David (en)
dc.contributor.department: Computer Science (en)
dc.date.accessioned: 2018-05-31T14:37:49Z (en)
dc.date.available: 2018-05-31T14:37:49Z (en)
dc.date.issued: 2013-06 (en)
dc.description.abstract: Drive-by download attacks attempt to compromise a victim’s computer through browser vulnerabilities. Often they are launched from Malware Distribution Networks (MDNs) consisting of landing pages to attract traffic, intermediate redirection servers, and exploit servers which attempt the compromise. In this paper, we present a novel approach to discovering the landing pages that lead to drive-by downloads. Starting from partial knowledge of a given collection of MDNs we identify the malicious content on their landing pages using multiclass feature selection. We then query the webpage cache of a commercial search engine to identify landing pages containing the same or similar content. In this way we are able to identify previously unknown landing pages belonging to already identified MDNs, which allows us to expand our understanding of the MDN. We explore using both a rule-based and classifier approach to identifying potentially malicious landing pages. We build both systems and independently verify using a high-interaction honeypot that the newly identified landing pages indeed attempt drive-by downloads. For the rule-based system 57% of the landing pages predicted as malicious are confirmed, and this success rate remains constant in two large trials spaced five months apart. This extends the known footprint of the MDNs studied by 17%. The classifier-based system is less successful, and we explore possible reasons. (en)
dc.identifier.uri: http://hdl.handle.net/10919/83428 (en)
dc.language.iso: en_US (en)
dc.publisher: IEEE (en)
dc.relation.ispartof: DSN 2013: 43rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (en)
dc.rights: In Copyright (en)
dc.rights.uri: http://rightsstatements.org/vocab/InC/1.0/ (en)
dc.subject: Drive-by download (en)
dc.subject: malware distribution network (en)
dc.subject: signature (en)
dc.title: Detecting Malicious Landing Pages in Malware Distribution Networks (en)
dc.type: Conference proceeding (en)
dc.type: Presentation (en)

Files

Original bundle
Name: WangMaliciousLanding2013.pdf
Size: 249 KB
Format: Adobe Portable Document Format