Abstract
The most reliable approach to identifying malicious web sites is the honeypot, an execution-based method, but it is time-consuming and computation-intensive. The challenge is that web traffic in a network is huge, so an efficient classification method is needed to process large-scale user requests. Based on our preliminary study, the domains of malicious websites are often unreliable and exhibit attributes distinct from those of normal sites. To classify a massive volume of web traffic in a network, this study proposes a two-stage web attack detection mechanism: first identifying suspicious web sites through a statistical domain reputation system, and then sandboxing only the suspicious ones. Such detection not only reduces the required computing resources and time, but also retains the effectiveness of execution-based detection. The results show that the proposed classification saves computing time and demonstrates its practicality under large-scale web requests.
© 2013 Springer-Verlag Berlin Heidelberg
Cite this paper
Chen, CM., Huang, JJ., Ou, YH. (2013). Detecting Web Attacks Based on Domain Statistics. In: Wang, G.A., Zheng, X., Chau, M., Chen, H. (eds) Intelligence and Security Informatics. PAISI 2013. Lecture Notes in Computer Science, vol 8039. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-39693-9_10
DOI: https://doi.org/10.1007/978-3-642-39693-9_10
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-39692-2
Online ISBN: 978-3-642-39693-9