Collaborative Computing: Networking, Applications and Worksharing. 4th International Conference, CollaborateCom 2008, Orlando, FL, USA, November 13-16, 2008, Revised Selected Papers

Research Article

Web Canary: A Virtualized Web Browser to Support Large-Scale Silent Collaboration in Detecting Malicious Web Sites

Download
401 downloads
  • @INPROCEEDINGS{10.1007/978-3-642-03354-4_3,
        author={Jiang Wang and Anup Ghosh and Yih Huang},
        title={Web Canary: A Virtualized Web Browser to Support Large-Scale Silent Collaboration in Detecting Malicious Web Sites},
        proceedings={Collaborative Computing: Networking, Applications and Worksharing. 4th International Conference, CollaborateCom 2008, Orlando, FL, USA, November 13-16, 2008, Revised Selected Papers},
        proceedings_a={COLLABORATECOM},
        year={2012},
        month={5},
        keywords={Web browser security honey client malicious code spyware botnets virtualization},
        doi={10.1007/978-3-642-03354-4_3}
    }
    
  • Jiang Wang
    Anup Ghosh
    Yih Huang
    Year: 2012
    Web Canary: A Virtualized Web Browser to Support Large-Scale Silent Collaboration in Detecting Malicious Web Sites
    COLLABORATECOM
    Springer
    DOI: 10.1007/978-3-642-03354-4_3
Jiang Wang1,*, Anup Ghosh1,*, Yih Huang1,*
  • 1: George Mason University
*Contact email: jwanga@gmu.edu, aghosh1@gmu.edu, huangyih@cs.gmu.edu

Abstract

Malicious Web content poses a serious threat to the Internet, organizations and users. Current approaches to detecting malicious Web content employ high-powered honey clients to scan the Web for potentially malicious pages. These approaches, while effective at detecting malicious content, have the drawbacks of being few and far between, presenting a single snapshot in time of very dynamic phenomena, and having artificial test data. To address these problems, we developed a virtualized Web browser that uses large-scale collaboration to identify URLs that host malicious content on a continuing basis by building in an elective reporting system. The system, which we call a Web canary, runs a standard Web browser in a known, pristine OS every time the browser starts. Users not only report malicious URLs but also benefit from protection against malicious content. Experimental results show that it can detect the malicious Web pages effectively with acceptable overhead.