Research Article
Web Canary: A Virtualized Web Browser to Support Large-Scale Silent Collaboration in Detecting Malicious Web Sites
@INPROCEEDINGS{10.1007/978-3-642-03354-4_3, author={Jiang Wang and Anup Ghosh and Yih Huang}, title={Web Canary: A Virtualized Web Browser to Support Large-Scale Silent Collaboration in Detecting Malicious Web Sites}, proceedings={Collaborative Computing: Networking, Applications and Worksharing. 4th International Conference, CollaborateCom 2008, Orlando, FL, USA, November 13-16, 2008, Revised Selected Papers}, proceedings_a={COLLABORATECOM}, year={2012}, month={5}, keywords={Web browser security honey client malicious code spyware botnets virtualization}, doi={10.1007/978-3-642-03354-4_3} }- Jiang Wang
Anup Ghosh
Yih Huang
Year: 2012
Web Canary: A Virtualized Web Browser to Support Large-Scale Silent Collaboration in Detecting Malicious Web Sites
COLLABORATECOM
Springer
DOI: 10.1007/978-3-642-03354-4_3
Abstract
Malicious Web content poses a serious threat to the Internet, organizations and users. Current approaches to detecting malicious Web content employ high-powered honey clients to scan the Web for potentially malicious pages. These approaches, while effective at detecting malicious content, have the drawbacks of being few and far between, presenting a single snapshot in time of very dynamic phenomena, and having artificial test data. To address these problems, we developed a virtualized Web browser that uses large-scale collaboration to identify URLs that host malicious content on a continuing basis by building in an elective reporting system. The system, which we call a Web canary, runs a standard Web browser in a known, pristine OS every time the browser starts. Users not only report malicious URLs but also benefit from protection against malicious content. Experimental results show that it can detect the malicious Web pages effectively with acceptable overhead.