Characterizing Current Features of Malicious Threats on Websites

  • Wan Nurulsafawati Wan MananEmail author
  • Abdul Ghani Ali Ahmed
  • Mohd Nizam Mohmad Kahar
Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 866)


The advance growth of cybercrime in recent years especially in high critical networks becomes an urgent issue to the security authorities. They compromised computer system, targeting especially to government sector, ecommerce and banking networks rigorously and made it difficult to detect the perpetrators. Attackers used a powerful technique, by embedding a malicious code in a normal webpage that resulted harder detection. Early detection and act on such threats in a timely manners is vital in order to reduce the losses which have caused billions of dollars every year. Previously, the detection of malicious is done through the use of blacklisting repository. The repository or database was compiled over time through crowd sourcing solution (e.g.: PishTank, Zeus Tracker Blacklist, StopBadWare.. etc.). However, such technique cannot be exhaustive and unable to detect newly generated malicious URL or zero-day exploit. Therefore, this paper aims to provide a comprehensive survey and detailed understanding of malicious code and URL features which have been extracted from the web content and structures of the websites. We studied the characteristic of malicious webpage systematically and syntactically and present the most important features of malicious threats in web pages. Each category will be presented along with different dimensions (features representation, algorithm design, etc.).


Cybercrime Malicious website Malicious features 



This study was fully funded by the Ministry of Higher Education in Malaysia (RDU 160106).


  1. 1.
    Ahmed, A.A., Li, C.X.: Locating and collecting cybercrime evidences on cloud storage: review. In: 2016 International Conference on Information Science and Security, ICISS 2016 (2017)Google Scholar
  2. 2.
    Sahoo, D., Liu, C., Hoi, S.C.H.: Malicious URL detection using machine learning: a survey, pp. 1–21 (2017)Google Scholar
  3. 3.
    Awathe, A.: Malicious web page detection through classification technique : a survey, vol. 8491, pp. 74–79 (2017)Google Scholar
  4. 4.
    Akiyama, M., Yagi, T., Itoh, M.: Searching structural neighborhood of malicious URLs to improve blacklisting. In: Proceedings of 11th IEEE/IPSJ International Symposium on Applications and Internet, SAINT 2011, pp. 1–10 (2011)Google Scholar
  5. 5.
    Garera, S., Provos, N., Chew, M., Rubin, A.D.: A framework for detection and measurement of phishing attacks. In: Proceedings of 2007 ACM Workshop on Recurring Malcode - WORM 2007, p. 1 (2007)Google Scholar
  6. 6.
    Ma, J., Saul, L., Savage, S., Voelker, G.: Identifying suspicious URLs: an application of large-scale online learning. In: Proceedings of the 26th Annual International Conference on Machine Learning, pp. 681–688 (2009)Google Scholar
  7. 7.
    Ma, J., Saul, L.K., Savage, S., Voelker, G.M.: Beyond blacklists : learning to detect malicious web sites from suspicious URLs. In: World Wide Web Internet Web Information System, pp. 1245–1253 (2009)Google Scholar
  8. 8.
    Hou, Y.T., Chang, Y., Chen, T., Laih, C.S., Chen, C.M.: Malicious web content detection by machine learning. Expert Syst. Appl. 37(1), 55–60 (2010)CrossRefGoogle Scholar
  9. 9.
    Canali, D., Cova, M., Vigna, G., Kruegel, C.: Prophiler : a fast filter for the large-scale detection of malicious web pages categories and subject descriptors. In: Proceedings of International World Wide Web Conference, pp. 197–206 (2011)Google Scholar
  10. 10.
    Choi, H., Zhu, B.B., Lee, H.: Detecting malicious web links and identifying their attack types. WebApps 11, 11 (2011)Google Scholar
  11. 11.
    Eshete, B.: Effective analysis, characterization, and detection of malicious web pages. In: Proceedings of 22nd International Conference on World Wide Web companion, pp. 355–360 (2013)Google Scholar
  12. 12.
    Kim, B., Im, C., Jung, H.: Suspicious malicious web site detection with strength analysis of a javascript obfuscation. Int. J. Adv. Sci. Technol. 26, 19–32 (2011)Google Scholar
  13. 13.
    Canfora, G., Visaggio, C.A.: A set of features to detect web security threats. J. Comput. Virol. Hacking Tech. 12(4), 243–261 (2016)CrossRefGoogle Scholar
  14. 14.
    Seshagiri, P., Vazhayil, A., Sriram, P.: AMA: static code analysis of web page for the detection of malicious scripts. Proc. Comput. Sci. 93, 768–773 (2016)CrossRefGoogle Scholar
  15. 15.
    Saquib, S., Ali, R.: Malicious Behavior in Online Social NetworkGoogle Scholar
  16. 16.
    Neeraja, M., Prakash, J.: Detecting Malicious Posts in Social Networks Using Text Analysis, vol. 5, no. 6, pp. 2015–2017 (2016)Google Scholar
  17. 17.
    Eshete, B.: Security and Privacy in Communication Networks, vol. 106, p. 2015 (2013)Google Scholar
  18. 18.
    Fraiwan, M., Al-Salman, R., Khasawneh, N., Conrad, S.: Analysis and identification of malicious javascript code. Inf. Secur. J. 21(1), 1–11 (2012)Google Scholar
  19. 19.
    Xu, S., Bylander, T., Maynard, H.B., Sandhu, R., Xu, M.: Detecting and characterizing malicious websites (2014)Google Scholar
  20. 20.
    Bielova, N.: Survey on JavaScript security policies and their enforcement mechanisms in a web browser. J. Log. Algebr. Program. 82(8), 243–262 (2013)CrossRefGoogle Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Wan Nurulsafawati Wan Manan
    • 1
    Email author
  • Abdul Ghani Ali Ahmed
    • 1
  • Mohd Nizam Mohmad Kahar
    • 1
  1. 1.Faculty of Computer System and Software EngineeringUniversity Malaysia PahangPekanMalaysia

Personalised recommendations