Two-Stage Classification Model to Detect Malicious Web Pages

Malicious web pages are an emerging security concern on the Internet due to their popularity and their potential serious impacts. Detecting and analyzing them is very costly because of their qualities and complexities. There has been some research approaches carried out in order to detect them. The approaches can be classified into two main groups based on their used analysis features: static feature based and run-time feature based approaches. While static feature based approach shows it strengthens as light-weight system, run-time feature based approach has better performance in term of detection accuracy. This paper presents a novel two-stage classification model to detect malicious web pages. Our approach divided detection process into two stages: Estimating maliciousness of web pages and then identifying malicious web pages. Static features are light-weight but less valuable so they are used to identify potential malicious web pages in the first stage. Only potential malicious web pages are forwarded to the second stage for further investigation. On the other hand, run-time features are costly but more valuable so they are used in the final stage to identify malicious web pages.