Efficient classification scheme for detecting malicious websites

Insoon Jo, Im Y. Jung, Heon Y. Yeom

Research output: Contribution to journal › Article › peer-review

Abstract

Websites have become the most popular way of distributing malware, so it is important to detect those websites before users visit them. Prior approaches to detecting malware distribution websites have either suffered from low accuracy or incurred high overhead. We propose to consider the disparity between the claimed "identity" of a website and the observed one. Given a website, our system collects clues that show the identity that this website claims, and measures the disparity between its domain and content using textual relevance. Our disparity measure incurs very little overhead and is not prone to content noise. Experimental results demonstrate that our mechanism detects malware distribution websites with considerably high accuracy and without noticeable overhead.

Original language: English
Pages (from-to): 2907-2916
Number of pages: 10
Journal: Information
Volume: 16
Issue number: 5
State: Published - May 2013

Keywords

  • Drive-by downloads
  • Machine learning
  • Malware distribution
  • Reasoning
  • Usable security
