ADAM: Automated detection and attribution of malicious webpages

Ahmed E. Kosba; Aziz Mohaisen; Andrew West; Trevor Tonn; Huy Kang Kim

doi:10.1007/978-3-319-15087-1_1

ADAM: Automated detection and attribution of malicious webpages

Ahmed E. Kosba, Aziz Mohaisen, Andrew West, Trevor Tonn, Huy Kang Kim

School of Cybersecurity

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

4 Citations (Scopus)

Abstract

Malicious webpages are a prevalent and severe threat in the Internet security landscape. This fact has motivated numerous static and dynamic techniques to alleviate such threat. Building on this existing literature, this work introduces the design and evaluation of ADAM, a system that uses machine-learning over network metadata derived from the sandboxed execution of webpage content. ADAM aims at detecting malicious webpages and identifying the type of vulnerability using simple set of features as well. Machine-trained models are not novel in this problem space. Instead, it is the dynamic network artifacts (and their subsequent feature representations) collected during rendering that are the greatest contribution of this work. Using a real-world operational dataset that includes different type of malice behavior, our results show that dynamic cheap network artifacts can be used effectively to detect most types of vulnerabilities achieving an accuracy reaching 96%. The system was also able to identify the type of a detected vulnerability with high accuracy achieving an exact match in 91% of the cases. We identify the main vulnerabilities that require improvement, and suggest directions to extend this work to practical contexts.

Original language	English
Title of host publication	Information Security Applications - 15th International Workshop, WISA 2014, Revised Selected Papers
Editors	Kyung-Hyune Rhee, Jeong Hyun Yi
Publisher	Springer Verlag
Pages	3-16
Number of pages	14
ISBN (Electronic)	9783319150864
DOIs	https://doi.org/10.1007/978-3-319-15087-1_1
Publication status	Published - 2015
Event	15th International Workshop on Information Security Applications, WISA 2014 - , Korea, Republic of Duration: 2014 Aug 25 → 2014 Aug 27

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	8909
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Other

Other	15th International Workshop on Information Security Applications, WISA 2014
Country/Territory	Korea, Republic of
Period	14/8/25 → 14/8/27

ASJC Scopus subject areas

Theoretical Computer Science
Computer Science(all)

Access to Document

10.1007/978-3-319-15087-1_1

Cite this

Kosba, A. E., Mohaisen, A., West, A., Tonn, T., & Kim, H. K. (2015). ADAM: Automated detection and attribution of malicious webpages. In K-H. Rhee, & J. H. Yi (Eds.), Information Security Applications - 15th International Workshop, WISA 2014, Revised Selected Papers (pp. 3-16). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 8909). Springer Verlag. https://doi.org/10.1007/978-3-319-15087-1_1

ADAM : Automated detection and attribution of malicious webpages. / Kosba, Ahmed E.; Mohaisen, Aziz; West, Andrew et al.

Information Security Applications - 15th International Workshop, WISA 2014, Revised Selected Papers. ed. / Kyung-Hyune Rhee; Jeong Hyun Yi. Springer Verlag, 2015. p. 3-16 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 8909).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Kosba, AE, Mohaisen, A, West, A, Tonn, T & Kim, HK 2015, ADAM: Automated detection and attribution of malicious webpages. in K-H Rhee & JH Yi (eds), Information Security Applications - 15th International Workshop, WISA 2014, Revised Selected Papers. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 8909, Springer Verlag, pp. 3-16, 15th International Workshop on Information Security Applications, WISA 2014, Korea, Republic of, 14/8/25. https://doi.org/10.1007/978-3-319-15087-1_1

Kosba AE, Mohaisen A, West A, Tonn T, Kim HK. ADAM: Automated detection and attribution of malicious webpages. In Rhee K-H, Yi JH, editors, Information Security Applications - 15th International Workshop, WISA 2014, Revised Selected Papers. Springer Verlag. 2015. p. 3-16. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-319-15087-1_1

Kosba, Ahmed E. ; Mohaisen, Aziz ; West, Andrew et al. / ADAM : Automated detection and attribution of malicious webpages. Information Security Applications - 15th International Workshop, WISA 2014, Revised Selected Papers. editor / Kyung-Hyune Rhee ; Jeong Hyun Yi. Springer Verlag, 2015. pp. 3-16 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{36b25b3c5fad4f24aa09f1f48ae90953,

title = "ADAM: Automated detection and attribution of malicious webpages",

abstract = "Malicious webpages are a prevalent and severe threat in the Internet security landscape. This fact has motivated numerous static and dynamic techniques to alleviate such threat. Building on this existing literature, this work introduces the design and evaluation of ADAM, a system that uses machine-learning over network metadata derived from the sandboxed execution of webpage content. ADAM aims at detecting malicious webpages and identifying the type of vulnerability using simple set of features as well. Machine-trained models are not novel in this problem space. Instead, it is the dynamic network artifacts (and their subsequent feature representations) collected during rendering that are the greatest contribution of this work. Using a real-world operational dataset that includes different type of malice behavior, our results show that dynamic cheap network artifacts can be used effectively to detect most types of vulnerabilities achieving an accuracy reaching 96%. The system was also able to identify the type of a detected vulnerability with high accuracy achieving an exact match in 91% of the cases. We identify the main vulnerabilities that require improvement, and suggest directions to extend this work to practical contexts.",

author = "Kosba, {Ahmed E.} and Aziz Mohaisen and Andrew West and Trevor Tonn and Kim, {Huy Kang}",

note = "Publisher Copyright: {\textcopyright} Springer International Publishing Switzerland 2015.; 15th International Workshop on Information Security Applications, WISA 2014 ; Conference date: 25-08-2014 Through 27-08-2014",

year = "2015",

doi = "10.1007/978-3-319-15087-1_1",

language = "English",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "3--16",

editor = "Kyung-Hyune Rhee and Yi, {Jeong Hyun}",

booktitle = "Information Security Applications - 15th International Workshop, WISA 2014, Revised Selected Papers",

}

TY - GEN

T1 - ADAM

T2 - 15th International Workshop on Information Security Applications, WISA 2014

AU - Kosba, Ahmed E.

AU - Mohaisen, Aziz

AU - West, Andrew

AU - Tonn, Trevor

AU - Kim, Huy Kang

PY - 2015

Y1 - 2015

N2 - Malicious webpages are a prevalent and severe threat in the Internet security landscape. This fact has motivated numerous static and dynamic techniques to alleviate such threat. Building on this existing literature, this work introduces the design and evaluation of ADAM, a system that uses machine-learning over network metadata derived from the sandboxed execution of webpage content. ADAM aims at detecting malicious webpages and identifying the type of vulnerability using simple set of features as well. Machine-trained models are not novel in this problem space. Instead, it is the dynamic network artifacts (and their subsequent feature representations) collected during rendering that are the greatest contribution of this work. Using a real-world operational dataset that includes different type of malice behavior, our results show that dynamic cheap network artifacts can be used effectively to detect most types of vulnerabilities achieving an accuracy reaching 96%. The system was also able to identify the type of a detected vulnerability with high accuracy achieving an exact match in 91% of the cases. We identify the main vulnerabilities that require improvement, and suggest directions to extend this work to practical contexts.

AB - Malicious webpages are a prevalent and severe threat in the Internet security landscape. This fact has motivated numerous static and dynamic techniques to alleviate such threat. Building on this existing literature, this work introduces the design and evaluation of ADAM, a system that uses machine-learning over network metadata derived from the sandboxed execution of webpage content. ADAM aims at detecting malicious webpages and identifying the type of vulnerability using simple set of features as well. Machine-trained models are not novel in this problem space. Instead, it is the dynamic network artifacts (and their subsequent feature representations) collected during rendering that are the greatest contribution of this work. Using a real-world operational dataset that includes different type of malice behavior, our results show that dynamic cheap network artifacts can be used effectively to detect most types of vulnerabilities achieving an accuracy reaching 96%. The system was also able to identify the type of a detected vulnerability with high accuracy achieving an exact match in 91% of the cases. We identify the main vulnerabilities that require improvement, and suggest directions to extend this work to practical contexts.

UR - http://www.scopus.com/inward/record.url?scp=84922195497&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-15087-1_1

DO - 10.1007/978-3-319-15087-1_1

M3 - Conference contribution

AN - SCOPUS:84922195497

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 3

EP - 16

BT - Information Security Applications - 15th International Workshop, WISA 2014, Revised Selected Papers

A2 - Rhee, Kyung-Hyune

A2 - Yi, Jeong Hyun

PB - Springer Verlag

Y2 - 25 August 2014 through 27 August 2014

ER -

ADAM: Automated detection and attribution of malicious webpages

Abstract

Publication series

Other

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this