
Detecting Web Attacks Based on Domain Statistics

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 8039)

Abstract

The most reliable approach for identifying malicious web sites is the honeypot, an execution-based method, but it is time-consuming and computation-intensive. Because the volume of web traffic in a network is huge, an efficient classification method is needed to process large-scale user requests. Our preliminary study shows that the domains of malicious websites are often unreliable and exhibit attributes distinct from those of normal domains. To classify a massive volume of web traffic in a network, this study proposes a two-stage web attack detection mechanism: first identify suspicious web sites through a statistical domain reputation system, then sandbox only the suspicious ones. Such detection not only reduces the required computation resources and time, but also retains the benefits of execution-based detection. The results show that the proposed classification saves computing time and is practical under large-scale web requests.
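The two-stage triage described in the abstract, sketched as an added example (not code from the paper or its authors): a cheap domain-statistics score decides which requests reach the sandbox, and the run reports the sandbox time saved alongside what the first stage let through. The feature names, point weights, threshold, per-request costs and sample domains are all assumptions constructed for illustration; the abstract does not list the paper's actual features.

```python
from dataclasses import dataclass

@dataclass
class DomainStats:
    # Hypothetical per-domain statistics (assumed, not the paper's feature set).
    name: str
    age_days: int       # days since registration
    free_hosting: bool  # sub-domain of a free hosting provider
    distinct_ips: int   # IPs observed for the domain in the window
    malicious: bool     # ground truth, used only to score the simulation

def suspicion(d: DomainStats) -> int:
    """Stage 1: integer reputation score; higher means less trustworthy."""
    score = 0
    if d.age_days < 30:
        score += 4
    if d.free_hosting:
        score += 3
    if d.distinct_ips > 5:
        score += 3
    return score

def triage(requests, threshold=5, lookup_ms=10, sandbox_ms=60_000):
    """Stage 2 runs only on domains scoring >= threshold (costs are assumed)."""
    flagged = [d for d in requests if suspicion(d) >= threshold]
    flagged_names = {d.name for d in flagged}
    return {
        "sandboxed": [d.name for d in flagged],
        # Malicious domains the reputation stage never sent to the sandbox.
        "missed": [d.name for d in requests
                   if d.malicious and d.name not in flagged_names],
        "two_stage_ms": len(requests) * lookup_ms + len(flagged) * sandbox_ms,
        "sandbox_all_ms": len(requests) * sandbox_ms,
    }

# Constructed sample traffic (reserved .example names, invented statistics).
REQUESTS = [
    DomainStats("news.example", 4000, False, 2, False),
    DomainStats("shop.example", 900, False, 1, False),
    DomainStats("blog.freehost.example", 200, True, 1, False),
    DomainStats("promo-new.example", 10, False, 1, False),
    DomainStats("kit1.freehost.example", 3, True, 8, True),
    DomainStats("landing-xyz.example", 12, False, 9, True),
    DomainStats("old-compromised.example", 2500, False, 2, True),
]

if __name__ == "__main__":
    for key, value in triage(REQUESTS).items():
        print(f"{key}: {value}")
```

On this constructed sample the sandbox runs on two of seven requests, and the one malicious domain with unremarkable statistics is never executed, which is the cost of putting the filter first; lowering the threshold trades sandbox time for coverage.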



Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Chen, CM., Huang, JJ., Ou, YH. (2013). Detecting Web Attacks Based on Domain Statistics. In: Wang, G.A., Zheng, X., Chau, M., Chen, H. (eds) Intelligence and Security Informatics. PAISI 2013. Lecture Notes in Computer Science, vol 8039. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-39693-9_10


  • DOI: https://doi.org/10.1007/978-3-642-39693-9_10

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-39692-2

  • Online ISBN: 978-3-642-39693-9

  • eBook Packages: Computer Science, Computer Science (R0)
