ADAM: Automated Detection and Attribution of Malicious Webpages

  • Ahmed E. Kosba
  • Aziz Mohaisen
  • Andrew West
  • Trevor Tonn
  • Huy Kang Kim
Conference paper

DOI: 10.1007/978-3-319-15087-1_1

Part of the Lecture Notes in Computer Science book series (LNCS, volume 8909)
Cite this paper as:
Kosba A.E., Mohaisen A., West A., Tonn T., Kim H.K. (2015) ADAM: Automated Detection and Attribution of Malicious Webpages. In: Rhee KH., Yi J. (eds) Information Security Applications. WISA 2014. Lecture Notes in Computer Science, vol 8909. Springer, Cham

Abstract

Malicious webpages are a prevalent and severe threat in the Internet security landscape. This fact has motivated numerous static and dynamic techniques to alleviate such threat. Building on this existing literature, this work introduces the design and evaluation of ADAM, a system that uses machine-learning over network metadata derived from the sandboxed execution of webpage content. ADAM aims at detecting malicious webpages and identifying the type of vulnerability using simple set of features as well. Machine-trained models are not novel in this problem space. Instead, it is the dynamic network artifacts (and their subsequent feature representations) collected during rendering that are the greatest contribution of this work. Using a real-world operational dataset that includes different type of malice behavior, our results show that dynamic cheap network artifacts can be used effectively to detect most types of vulnerabilities achieving an accuracy reaching 96 %. The system was also able to identify the type of a detected vulnerability with high accuracy achieving an exact match in 91 % of the cases. We identify the main vulnerabilities that require improvement, and suggest directions to extend this work to practical contexts.

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Ahmed E. Kosba
    • 1
  • Aziz Mohaisen
    • 2
  • Andrew West
    • 2
  • Trevor Tonn
    • 3
  • Huy Kang Kim
    • 4
  1. 1.University of Maryland at College ParkCollege ParkUSA
  2. 2.Verisign LabsRestonUSA
  3. 3.Amazon.comWashington DCUSA
  4. 4.Korea UniversitySeoulSouth Korea

Personalised recommendations