Malicious Webpage Detection by Semantics-Aware Reasoning

The evolutional development of dynamic HTML techniques empowers attackers a new and powerful tool to compromise machines. A malicious DHTML code disguises itself as a normal Webpage. The malicious Webpage infects the victim when a user browses it. Furthermore, such DHTML code can disguise easily thr...

Full description

Saved in:
Bibliographic Details
Main Authors: Shih-Fen Lin, Yung-Tsung Hou, Chia-Mei Chen, Bingchiang Jeng, Chi-Sung Laih
Format: Conference Proceeding
Language:English
Subjects:
Detection algorithms
Detectors
Frequency
HTML
Information management
Intelligent systems
Java
malicious code
memory-based reasoning
National security
semantics modeling
Software packages
Web and internet services
Online Access:Request full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:The evolutional development of dynamic HTML techniques empowers attackers a new and powerful tool to compromise machines. A malicious DHTML code disguises itself as a normal Webpage. The malicious Webpage infects the victim when a user browses it. Furthermore, such DHTML code can disguise easily through obfuscation or transformation, which makes detection even harder. Anti-virus software packages commonly use signature-based approaches which might not be able to efficiently identify camouflage malicious HTML code. In this paper, we propose a novel semantics-aware reasoning detection algorithm (SeAR) using the techniques of semantic modeling and memory-based reasoning for malicious Webpage detection. SeAR is resilient to code obfuscations and is able to detect malicious Webpage correctly. The experiments demonstrate that our detection algorithm can effectively detect variants of malicious HTML code with a low false rate.
ISSN:2164-7143
2164-7151
DOI:10.1109/ISDA.2008.290