WebMon: ML- and YARA-based malicious webpage detection
Published in: | Computer networks (Amsterdam, Netherlands : 1999), 2018-06, Vol.137, p.119-131 |
---|---|
Main authors: | , , , |
Format: | Article |
Language: | eng |
Subjects: | |
Online access: | Full text |
Abstract: | Attackers use the openness of the Internet to facilitate the dissemination of malware. Their attempts to infect target systems via the Web have increased with time and are unlikely to abate. In response to this threat, we present an automated, low-interaction malicious webpage detector, WebMon, that identifies invasive roots in Web resources loaded from WebKit2-based browsers using machine learning and YARA signatures. WebMon effectively detects hidden exploit codes by tracing linked URLs to confirm whether the relevant websites are malicious. WebMon detects a variety of attacks by running 250 containers simultaneously. In this configuration, the proposed model yields a detection rate of 98%, and is 7.6 times faster (with a container) than previously proposed models. Most importantly, WebMon’s focus on extracting malicious paths in a domain is a novel approach that has not been explored in previous studies. |
---|---|
ISSN: | 1389-1286 1872-7069 |
DOI: | 10.1016/j.comnet.2018.03.006 |