{"title":"基于静态启发式的恶意网页识别","authors":"C. Seifert, Ian Welch, P. Komisarczuk","doi":"10.1109/ATNAC.2008.4783302","DOIUrl":null,"url":null,"abstract":"Malicious web pages that launch client-side attacks on web browsers have become an increasing problem in recent years. High-interaction client honeypots are security devices that can detect these malicious web pages on a network. However, high-interaction client honeypots are both resource-intensive and known to miss attacks. This paper presents a novel classification method for detecting malicious web pages that involves inspecting the underlying static attributes of the initial HTTP response and HTML code. Because malicious web pages import exploits from remote resources and hide exploit code, static attributes characterizing these actions can be used to identify a majority of malicious web pages. Combining high-interaction client honeypots and this new classification method into a hybrid system leads to significant performance improvements.","PeriodicalId":143803,"journal":{"name":"2008 Australasian Telecommunication Networks and Applications Conference","volume":"46 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2008-12-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"111","resultStr":"{\"title\":\"Identification of Malicious Web Pages with Static Heuristics\",\"authors\":\"C. Seifert, Ian Welch, P. Komisarczuk\",\"doi\":\"10.1109/ATNAC.2008.4783302\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Malicious web pages that launch client-side attacks on web browsers have become an increasing problem in recent years. High-interaction client honeypots are security devices that can detect these malicious web pages on a network. However, high-interaction client honeypots are both resource-intensive and known to miss attacks. This paper presents a novel classification method for detecting malicious web pages that involves inspecting the underlying static attributes of the initial HTTP response and HTML code. Because malicious web pages import exploits from remote resources and hide exploit code, static attributes characterizing these actions can be used to identify a majority of malicious web pages. Combining high-interaction client honeypots and this new classification method into a hybrid system leads to significant performance improvements.\",\"PeriodicalId\":143803,\"journal\":{\"name\":\"2008 Australasian Telecommunication Networks and Applications Conference\",\"volume\":\"46 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2008-12-07\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"111\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2008 Australasian Telecommunication Networks and Applications Conference\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ATNAC.2008.4783302\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2008 Australasian Telecommunication Networks and Applications Conference","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ATNAC.2008.4783302","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Identification of Malicious Web Pages with Static Heuristics
Malicious web pages that launch client-side attacks on web browsers have become an increasing problem in recent years. High-interaction client honeypots are security devices that can detect these malicious web pages on a network. However, high-interaction client honeypots are both resource-intensive and known to miss attacks. This paper presents a novel classification method for detecting malicious web pages that involves inspecting the underlying static attributes of the initial HTTP response and HTML code. Because malicious web pages import exploits from remote resources and hide exploit code, static attributes characterizing these actions can be used to identify a majority of malicious web pages. Combining high-interaction client honeypots and this new classification method into a hybrid system leads to significant performance improvements.