ADAM: Automated detection and attribution of malicious webpages

Ahmed E. Kosba, Aziz Mohaisen, Andrew West, Trevor Tonn, Huy Kang Kim

Research output: Chapter in Book/Report/Conference proceedingConference contribution

3 Citations (Scopus)

Abstract

Malicious webpages are a prevalent and severe threat in the Internet security landscape. This fact has motivated numerous static and dynamic techniques to alleviate such threat. Building on this existing literature, this work introduces the design and evaluation of ADAM, a system that uses machine-learning over network metadata derived from the sandboxed execution of webpage content. ADAM aims at detecting malicious webpages and identifying the type of vulnerability using simple set of features as well. Machine-trained models are not novel in this problem space. Instead, it is the dynamic network artifacts (and their subsequent feature representations) collected during rendering that are the greatest contribution of this work. Using a real-world operational dataset that includes different type of malice behavior, our results show that dynamic cheap network artifacts can be used effectively to detect most types of vulnerabilities achieving an accuracy reaching 96%. The system was also able to identify the type of a detected vulnerability with high accuracy achieving an exact match in 91% of the cases. We identify the main vulnerabilities that require improvement, and suggest directions to extend this work to practical contexts.

Original languageEnglish
Title of host publicationInformation Security Applications - 15th International Workshop, WISA 2014, Revised Selected Papers
EditorsKyung-Hyune Rhee, Jeong Hyun Yi
PublisherSpringer Verlag
Pages3-16
Number of pages14
ISBN (Electronic)9783319150864
DOIs
Publication statusPublished - 2015
Event15th International Workshop on Information Security Applications, WISA 2014 - , Korea, Republic of
Duration: 2014 Aug 252014 Aug 27

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume8909
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Other

Other15th International Workshop on Information Security Applications, WISA 2014
CountryKorea, Republic of
Period14/8/2514/8/27

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science(all)

Fingerprint Dive into the research topics of 'ADAM: Automated detection and attribution of malicious webpages'. Together they form a unique fingerprint.

Cite this