|
DOMAIN INFORMATION BASED BLACKLISTING METHOD FOR THE DETECTION OF MALICIOUS WEBPAGESAbstract: Malicious web pages that host drive by download exploits have become a popular means by which an attacker delivers malicious contents to computers across the internet. The popularity of the attack has led to researchers developing systems to detect and stop such attacks. These methods include dynamic solutions, static solutions and the use of blacklisting and whitelisting methods. Blacklisting and in particular URL blacklisting is one of such detection methods. URL blacklisting analyzes the structure of a web page URL. URL blacklisting are however prone to evasion attacks when the lexical structure of the URL changes. In this paper, we propose the usage of domain related information for the detection of drive by download web pages. These domain features are used to model a scoring mechanism classification system. We show the effectiveness of detecting malicious web pages using domain based by obtaining a high detection rate and a relatively low false negative.
|