WANG Tao,YU Shun-zheng

DOI: https://doi.org/10.3969/j.issn.1002-137x.2011.01.019

2011-01-01

Computer Science

Abstract:Malicious Web pages impose increasing threats on Web security in recent years.Currently,there are mainly two client-side protection approaches including anti-virus software packages and blacklists of malicious sites.Anti-virus techniques commonly use signature-based approaches which might not be able to efficiently identify malicious HTML codes with encryption and obfuscation.Furthermore,blacklisting techniques are difficult to keep up-to-date.This paper presented a novel classification method for real-time detecting malicious Web pages which is independent with the contents of Web pages.Our approach characterizes malicious Web pages using HTTP session information.With representative statistical features and decision tree algorithm in machine learning,we built an effective classification model for online real-time detecting malicious Web pages.Experiment results demonstrate that we are able to successfully detect 89.7% of the malicious Web pages with a low false positive rate of 0.3%.

Wen Zhang,Yuxin Ding,Yan Tang,Bin Zhao

DOI: https://doi.org/10.1109/icmlc.2011.6016954

2011-01-01

Abstract:The Internet has become an indispensable tool in peoples' daily life. It also bring us serious computer security problem. One big security threat comes from malicious webpages. In this paper we study how to detect malicious pages. Since malicious webpages are generated inconstantly, we use on line learning methods to detect malicious webpages. To keep the client side as safe as possible, we do not download the webpages, and analysis webpages' content. We only use URL information to determine if the URL links to a malicious pages. The feature selection methods for URL are discussed, and the performances of different on line learning methods are compared. To improve the performance of on line learning classifiers, an improved on line learning method is proposed, experiments show that this method is effective.

Jingbing Chen,Jie Yuan,Yuewei Li,Yiqi Zhang,Yufan Yang,Ruiqi Feng

DOI: https://doi.org/10.1145/3446132.3446183

2020-01-01

Abstract:In recent years, due to the high availability and convenience of the Internet, more and more information provides corresponding services through the Internet. As people are increasingly relying on the Internet, network security issues have become increasingly prominent, and a large number of malicious web pages have also emerged. How to achieve proactive and efficient detection of malicious web pages has become a research focus in the field of network security worldwide. This paper uses the Support Vector Machine algorithm to realize autonomous learning and build the classifier; chooses the TF-IDF method to process the data, and obtains the feature matrix of the collected URL data, which is stored in the sparse matrix after normalization and standardization. To avoid the existence of relatively strong features from affecting the classification results of the classifier, the K-Means method and TruncatedSVD method are used to reduce the dimension of the data features. The linear kernel function is used for large samples, and the Gaussian kernel function is used for small samples, so that the performance of the classifier is optimal. In the training process, the grid search method is used to obtain the optimal parameters forming a complete and mature detection system. And a ten-fold cross-validation method is used to test the correct rate, recall rate, accuracy rate and F1 value of the classifier. Finally the experimental result shows the malicious web page detection model has a good reference for big data processing.

Tao Yue,Jianhua Sun,Hao Chen

DOI: https://doi.org/10.1109/icdma.2013.145

2013-01-01

Abstract:With the World Wide Web expanding continuously, more and more malicious web pages including phishing, malware and spamming spread rapidly, we are facing a great threat. The work of detecting malicious web pages and identifying their threat types has some shortcomings. In existing studies of malicious webpage detection, most are just for detecting a single attack type. In this paper, we extract a variety of webpage features and use machine learning algorithms to build an efficient classifier. By the classifier, we can detect malicious web pages and identify all the popular threat types. The features extracted in our method are derived from the HTML contents, the associated Java Script code, and the corresponding URL. We collected 1000 benign web pages and 1500 malicious web pages as experimental data sets. The experimental results show that our method achieves a superior performance: the accuracy was over 95% in detecting malicious web pages and over 88% in identifying threat types.

Senhao Wen,Zhiyuan Zhao,Hanbing Yan

DOI: https://doi.org/10.1145/3199478.3199500

2018-03-16

Abstract:We are increasingly relying on HTML(Hypertext Markup Language) web-pages, including online shopping, obtaining information and handling official business, whether on a mobile phone or on a computer. But the underground industry or deliberate attacker has also targeted us. They forges misleading URLs(UniformResourceLocators) and web-pages with various tricky skills which are difficult to identify even for the professionals, so as to steal money, manipulate our devices, monitor our lives. Currently, most of the malicious websites detecting technology is based on features of URLs or Web page elements, which make us feel upset, because it is difficult to extract all the features, and its hysteresis quality make it hard to meet the requirement of tracking the rapid changes of malicious web sites, especially the phishing websites. This paper design a thorough associated analysis model of web-pages using the technology of topic tracking, topic abnormal discovery, web-page visual similarity assessment, web-page structure analyzing, URL analyzing, Internet Resources analyzing and so on, to solve the problem of missing detecting malicious websites, especially with unknown features. The detecting model is able to discover the forged payment web-pages, fake web page which damage the reputation of the relevant organization, personal attack web-pages, tampered web page, web-page trojan, etc. In the meantime, it can track the topic of underground industry and sense the topic evolution. According to our experiments, it is effective and has high accuracy.

siyue zhang,weiguang wang,zhao chen,heng gu,jianyi liu,cong wang

DOI: https://doi.org/10.1109/CCIS.2014.7175767

2014-01-01

Abstract:Security risks brought by Web page information has been a matter that can no longer be ignored. Malicious script is a major challenge the Web sites security is facing currently. According to the data from the Google Research Centre, more than 10% of Web pages is malicious. Especially in China, the proportion of malicious Web pages has reached 43.21%. This paper presents a detection system which is used to locate the malicious scripts in Web pages. It acquires and builds up malicious code features base, URL of hidden links base etc. based on safety data published on security research Web sites. The Web crawler is applied to collecting Web pages source code in this system and learning algorithm for classification is used to train the classifier. The classification results would be evaluated and improved in the end.

Wang Tao,Yu Shunzheng,Xie Bailin

DOI: https://doi.org/10.1109/ifita.2010.173

2010-01-01

Abstract:Malicious web pages are a widely-recognized threat to the security of the web. Malicious web pages launch so-called drive-by download attacks that are able to gain complete control of a user’s computer for illegitimate purpose. Even a single visit to a malicious web page enables an automatically download and installation of malicious malware executables. In this paper, we propose a novel approach for classifying web pages automatically as either malicious or benign based on a supervised machine learning. Our approach learns to detect malicious web pages exclusively based on HTTP session information (e.g., HTTP session headers, domains of requests and responses). With the corpus of 50,000 benign web pages and 500 malicious web pages, we are capable of successfully detecting 92.2% of the malicious web pages with a low false positive rate 0.1%.

Baojiang Cui,Shanshan He,Xi Yao,Peilin Shi

DOI: https://doi.org/10.1504/ijhpcn.2018.10015545

2018-01-01

International Journal of High Performance Computing and Networking

Abstract:Many web applications suffer from various web attacks due to the lack of awareness concerning security. Therefore, it is necessary to improve the reliability of web applications by accurately detecting malicious URLs. In previous studies, keyword matching has always been used to detect malicious URLs, but this method is not adaptive. In this paper, statistical analyses based on gradient learning and feature extraction using a sigmoidal threshold level are combined to propose a new detection approach based on machine learning techniques. Moreover, the naïve Bayes, decision tree and SVM classifiers are used to validate the accuracy and efficiency of this method. Finally, the experimental results demonstrate that this method has a good detection performance, with an accuracy rate above 98.7%. In practical use, this system has been deployed online and is being used in large-scale detection, analysing approximately 2 TB of data every day.

Yizhi Liu,Chaoqun Zhu,Yadi Wu,Heng Xu,Jun Song

DOI: https://doi.org/10.1002/cpe.6191

2021-01-19

Concurrency and Computation: Practice and Experience

Abstract:<p>In recent years, with the rapid development of mobile social networks and services, the research of mobile malicious webpage detection has become a hot topic. Most of the existing malicious webpage detection systems are deployed on desktop systems and servers. Due to the limitation of network transmission delay and computing resources, these existing solutions fail to provide the real‐time and lightweight properties for mobile webpage detection. In this paper, we propose an advanced mobile malicious webpage detection framework based on deep learning and edge cloud. Inspired by the idea of edge computing, a multidevice load optimization approach is first introduced to improve detection efficiency. Second, an automatic extraction approach based on deep learning model features is presented to enhance detection accuracy. Furthermore, detection systems can be flexibly deployed on edge nodes and servers, thus providing the properties of resource optimization deployment and real‐time detection. Finally, comparative analysis and performance evaluation are presented to show the detection efficiency and accuracy of the proposed framework.</p>

Jianhua Liu,Mengda Xu,Xin Wang,Shigen Shen,Minglu Li

DOI: https://doi.org/10.1109/access.2018.2882742

IF: 3.9

2018-01-01

IEEE Access

Abstract:The effective detection of malicious webpages plays a paramount role in ensuring the Web security on the Internet. However, the detection results of current methods are poor and their efficiency is low, and thus, it is important and challenging to design an efficient detection scheme that can improve the accuracy of classification of malicious webpages. To overcome this challenge, a Markov detection tree scheme is proposed in this paper to automatically identify and classify malicious webpages, where the link relations of unified resource locators, the information gain ratio, and Markov decision process as well as decision tree are used to analyze malicious webpages simultaneously. To increase the detection accuracy for malicious webpages, two methods of filling missing values are presented to process the null attribute values of webpages. We compare the performance of our algorithms when the different methods are applied in terms of the information gain ratio, classification accuracy, and detection efficiency. Our experimental results show that the proposed methods can improve the accuracy and efficiency in the classification of malicious webpage detections.

Fan Yang,Chaoqun Zhu,Heng Xu,Yongfeng Qian,Jun Song

DOI: https://doi.org/10.1002/cpe.6792

2021-12-27

Concurrency and Computation: Practice and Experience

Abstract:Summary Malicious webpage detection is a crucial work in both theory and practical environment. In practical applications, static detection methods are usually regarded as a priority choice, which can quickly detect unknown malicious web pages and avoid a costly in‐depth analysis. However, existing solution of static detection typically has the following problems. For example, a single static detection may lead to a higher false positive rate, and the integrated detection usually has a lower detection efficiency. In this article, we propose an efficient webpage static detection framework, especially considering both the detection efficiency and the detection accuracy. Then, on the basis of the extended feature sets from URL, HTML, and JavaScript, we introduce an optimized naive Bayesian algorithm, in which a novel amplification factor strategy is proposed. Finally, a webpage threat assessment model oriented to general machine learning is presented to achieve the refined detection. Three main properties are provided: high detection efficiency, high detection accuracy, and better applicability. Furthermore, the comprehensive experimental results and comparative analysis is given to show the advantages of the proposed framework.

Joshua Saxe,Richard Harang,Cody Wild,Hillary Sanders

DOI: https://doi.org/10.48550/arXiv.1804.05020

2018-04-14

Abstract:Malicious web content is a serious problem on the Internet today. In this paper we propose a deep learning approach to detecting malevolent web pages. While past work on web content detection has relied on syntactic parsing or on emulation of HTML and Javascript to extract features, our approach operates directly on a language-agnostic stream of tokens extracted directly from static HTML files with a simple regular expression. This makes it fast enough to operate in high-frequency data contexts like firewalls and web proxies, and allows it to avoid the attack surface exposure of complex parsing and emulation code. Unlike well-known approaches such as bag-of-words models, which ignore spatial information, our neural network examines content at hierarchical spatial scales, allowing our model to capture locality and yielding superior accuracy compared to bag-of-words baselines. Our proposed architecture achieves a 97.5% detection rate at a 0.1% false positive rate, and classifies small-batched web pages at a rate of over 100 per second on commodity hardware. The speed and accuracy of our approach makes it appropriate for deployment to endpoints, firewalls, and web proxies.

Cryptography and Security,Machine Learning

Jingbing Chen,Jie Yuan,Yuewei Li,Yiqi Zhang,Yufan Yang,Ruiqi Feng

DOI: https://doi.org/10.1145/3446132.3446183

2020-01-01

Abstract:In recent years, due to the high availability and convenience of the Internet, more and more information provides corresponding services through the Internet. As people are increasingly relying on the Internet, network security issues have become increasingly prominent, and a large number of malicious web pages have also emerged. How to achieve proactive and efficient detection of malicious web pages has become a research focus in the field of network security worldwide. This paper uses the Support Vector Machine algorithm to realize autonomous learning and build the classifier; chooses the TF-IDF method to process the data, and obtains the feature matrix of the collected URL data, which is stored in the sparse matrix after normalization and standardization. To avoid the existence of relatively strong features from affecting the classification results of the classifier, the K-Means method and TruncatedSVD method are used to reduce the dimension of the data features. The linear kernel function is used for large samples, and the Gaussian kernel function is used for small samples, so that the performance of the classifier is optimal. In the training process, the grid search method is used to obtain the optimal parameters forming a complete and mature detection system. And a ten-fold cross-validation method is used to test the correct rate, recall rate, accuracy rate and F1 value of the classifier. Finally the experimental result shows the malicious web page detection model has a good reference for big data processing.

Xiaoqing Gu,Hongyuan Wang,Tongguang Ni

DOI: https://doi.org/10.12733/jcis6350

2013-01-01

Journal of Computational Information Systems

Abstract:As the Electronic Commerce and On-line Trade expand, phishing has already become one of the several forms of network crimes. This paper presents an automatic approach for intelligent phishing web detection based on learning from a large number of legitimate and phishing webs. As given a web, its Uniform Resource Locator (URL) features are first analyzed, and then classified by Naïve Bayesian (NB) classifier. When the web's legality is still suspicious, its webpage is parsed into a document object model tree, and then classified by Support Vector Machine (SVM) classifier. Experimental results show that our approach can achieve the high detection accuracy, the lower detection time and performance with a small sample of the classification model training set. 1553-9105/Copyright © 2013 Binary Information Press.

Bin Liang,Jianjun Huang,Fang Liu,DaWei Wang,Daxiang Dong,Zhaohui Liang

DOI: https://doi.org/10.1109/EBISS.2009.5138008

2009-01-01

Abstract:In recent years, Web sites have already become the attackers' main target. When attackers embed malicious code in the Web pages, they generally change the display mode of the corresponding HTML tags to make the display effect of malicious code invisible or almost invisible to the browser users. In this paper, the concept of abnormal visibility is proposed to describe the display feature setting of malicious code embedded. According to the concept, a malicious code detection method based on abnormal visibility recognition is designed and a prototype system is implemented. Compared to traditional methods and systems, the method has higher efficiency and less maintenance cost. Besides, a special-purpose JavaScript interpreter is implemented to get the execution output of browser-end scripts that are often used to generate malicious code dynamically by attackers. Experiments show that this system can detect most of the malicious Web pages efficiently and at the same time locate the malicious code in the source code accurately.

jinxin zhong,gengyu wei,dongmei zhang,yixian yang

DOI: https://doi.org/10.1109/ICBNMT.2010.5705187

2010-01-01

Abstract:Nowadays, with the development of web applications, more and more cases of cyber attacks is found through the web, malicious web pages also spread on the Internet. These pages can disguise themselves easily through obfuscation or variation to escape. Furthermore, they also combine with rootkit, which makes the detection even harder. This paper presents a novel system named SAB 2 , which is a Static Analysis of Browser Behavior (SAB 2 ) detection method for detecting malicious web pages. We can define the normal behavior through static analysis of the browser behavior and compare with the browser behavior visiting a malicious web page, then determine whether a web page is malicious or not. Experimental results demonstrate that our method can identify the abnormal behavior of the Internet Explorer browser and it is able to accurately detect the existence of malicious web pages.

Qasem Abu Al-Haija,Mustafa Al-Fayoumi

DOI: https://doi.org/10.1007/s00521-023-08592-z

2023-04-20

Abstract:Uniform Resource Locator (URL) is a unique identifier composed of protocol and domain name used to locate and retrieve a resource on the Internet. Like any Internet service, URLs (also called websites) are vulnerable to compromise by attackers to develop Malicious URLs that can exploit/devastate the user's information and resources. Malicious URLs are usually designed with the intention of promoting cyber-attacks such as spam, phishing, malware, and defacement. These websites usually require action on the user's side and can reach users across emails, text messages, pop-ups, or devious advertisements. They have a potential impact that can reach, in some cases, to compromise the machine or network of the user, especially those arriving by email. Therefore, developing systems to detect malicious URLs is of great interest nowadays. This paper proposes a high-performance machine learning-based detection system to identify Malicious URLs. The proposed system provides two layers of detection. Firstly, we identify the URLs as either benign or malware using a binary classifier. Secondly, we classify the URL classes based on their feature into five classes: benign, spam, phishing, malware, and defacement. Specifically, we report on four ensemble learning approaches, viz. the ensemble of bagging trees (En_Bag) approach, the ensemble of k-nearest neighbor (En_kNN) approach, and the ensemble of boosted decision trees (En_Bos) approach, and the ensemble of subspace discriminator (En_Dsc) approach. The developed approaches have been evaluated on an inclusive and contemporary dataset for uniform resource locators (ISCX-URL2016). ISCX-URL2016 provides a lightweight dataset for detecting and categorizing malicious URLs according to their attack type and lexical analysis. Conventional machine learning evaluation measurements are used to evaluate the detection accuracy, precision, recall, F Score, and detection time. Our experiential assessment indicates that the ensemble of bagging trees (En_Bag) approach provides better performance rates than other ensemble methods. Alternatively, the ensemble of the k-nearest neighbor (En_kNN) approach provides the highest inference speed. We also contrast our En_Bag model with state-of-the-art solutions and show its superiority in binary classification and multi-classification with accuracy rates of 99.3% and 97.92%, respectively.

Shaheetha Liaquathali,Vadivazhagan Kadirvelu

DOI: https://doi.org/10.37934/araset.47.1.105122

2024-06-21

Journal of Advanced Research in Applied Sciences and Engineering Technology

Abstract:Malicious websites have become a pervasive concern in the digital realm, targeting careless users as well as organizations. It may result in substantial financial losses, identity theft, data intrusions, and damage to reputation. In order to create efficient countermeasures, it is crucial to comprehend the effects of interacting with such websites. There are several ways to classify malicious webpages. Web content analysis is one such way for protecting internet users from malicious activities. It entails analysing websites to identify potential hazards, such as phishing attempts, malware distribution, and fraudulent activities. Traditional methods relied on rule-based systems, but recent advances in natural language processing and machine learning have opened up new avenues for increasing the precision and scalability of web content analysis to classify malicious webpages. Most of the exciting research work focuses more on URL alone for risk free processing. This paper introduces novel method for analysing web contents especially textual contents of the webpages for classification. Among various tags in web technology, proposed method focuses on div, paragraph and meta tags. The textual contents of these tags are extracted and vectorized using three different vectorizers in natural language processing and classify the webpages using machine learning models. Seven different machine learning models are used for performance evaluation. The result shows that a combined textual content of three distinct tags with count vectorizer + random forest achieves the higher accuracy of 93.46% with 1000 features.

Hongliang Ma,Wei Wang,Zhen Han

DOI: https://doi.org/10.13245/j.hust.141107

2014-01-01

Abstract:In order to detect malicious Web pages efficiently ,a lightweight analysis method was pro-posed based on basic JavaScript code words .First ,crawler got all source codes from Web pages ,and then extracted JavaScript codes from source codes .Second ,self-defined basic code words replaced all JavaScript codes .Last ,three machine learning algorithms ,namely ,K-nearest neighbor (K-NN ) , principal component analysis (PCA ) as well as one-class support vector machine (SVM ) were em-ployed to detect malicious Web pages based on anomaly detection .The extensive experimental results show that our method can detect Web pages efficiently .In particular ,PCA achieves a detection rate as 90% with false positive rate of 1% ,detecting 250 s-1 .

Wang Tao,Yu Shunzheng,Xie Yi

2012-01-01

Journal of Computer Research and Development

Abstract:There were mainly two mechanisms to defend against drive-by download attacks, including signature matching with HTML codes and high-interaction virtual web-honeypots. The former might not be able to identify malicious HTML codes with encryption or obfuscation, and the latter is heavyweight and difficult to satisfy real-time deployment for clients. In this paper, we present a novel approach for detecting of drive-by download attacks. This approach characterizes drive-by download attacks based on HTTP session tracking, mainly including session link tree based and domain based features. Several statistical methods are used to analyze and compare the related features of normal and malicious Web pages. With these features and the techniques of supervised machine learning, we have built a classification model to identify malicious Web pages effectively. Experiment results show that we are able to successfully detect 91.7% of the malicious Web pages with a very low false positive rate of 0.1%.