Security and Privacy in Communication Networks. 8th International ICST Conference, SecureComm 2012, Padua, Italy, September 3-5, 2012. Revised Selected Papers

Research Article

BINSPECT: Holistic Analysis and Detection of Malicious Web Pages

  • @INPROCEEDINGS{10.1007/978-3-642-36883-7_10,
        author={Birhanu Eshete and Adolfo Villafiorita and Komminist Weldemariam},
        title={BINSPECT: Holistic Analysis and Detection of Malicious Web Pages},
        proceedings={Security and Privacy in Communication Networks. 8th International ICST Conference, SecureComm 2012, Padua, Italy, September 3-5, 2012. Revised Selected Papers},
        proceedings_a={SECURECOMM},
        year={2013},
        month={2},
        keywords={malicious web page static analysis lightweight emulation machine learning},
        doi={10.1007/978-3-642-36883-7_10}
    }
    
  • Birhanu Eshete
    Adolfo Villafiorita
    Komminist Weldemariam
    Year: 2013
    BINSPECT: Holistic Analysis and Detection of Malicious Web Pages
    SECURECOMM
    Springer
    DOI: 10.1007/978-3-642-36883-7_10
Birhanu Eshete¹,*, Adolfo Villafiorita¹,*, Komminist Weldemariam¹,*
  • 1: Fondazione Bruno Kessler (FBK-IRST)
*Contact email: eshete@fbk.eu, adolfo@fbk.eu, sisai@fbk.eu

Abstract

Malicious web pages are among the major security threats on the Web. Most of the existing techniques for detecting malicious web pages focus on specific attacks. Unfortunately, attacks are getting more complex whereby attackers use blended techniques to evade existing countermeasures. In this paper, we present a holistic and at the same time lightweight approach, called BINSPECT, that leverages a combination of static analysis and minimalistic emulation to apply supervised learning techniques in detecting malicious web pages pertinent to drive-by-download, phishing, injection, and malware distribution by introducing new features that can effectively discriminate malicious and benign web pages. Large scale experimental evaluation of BINSPECT achieved above 97% accuracy with low false signals. Moreover, the performance overhead of BINSPECT is in the range 3-5 seconds to analyze a single web page, suggesting the effectiveness of our approach for real-life deployment.