Detecting malicious HTTP redirections using trees of user browsing activity
- 1 April 2014
- conference paper
- Published by Institute of Electrical and Electronics Engineers (IEEE) in IEEE INFOCOM 2014 - IEEE Conference on Computer Communications
- p. 1159-1167
- https://doi.org/10.1109/infocom.2014.6848047
Abstract
The web has become a platform that attackers exploit to infect vulnerable hosts, or deceive victims into buying rogue software. To accomplish this, attackers either inject malicious scripts into popular web sites or manipulate content delivered by servers to exploit vulnerabilities in users' browsers. To hide malware distribution servers, attackers employ HTTP redirections, which automatically redirect users' requests through a series of intermediate web sites, before landing on the final distribution site. In this paper, we develop a methodology to identify malicious chains of HTTP redirections. We build per-user chains from passively collected traffic and extract novel statistical features from them, which capture inherent characteristics from malicious redirection cases. Then, we apply a supervised decision tree classifier to identify malicious chains. Using a large ISP dataset, with more than 15K clients, we demonstrate that our methodology is very effective in accurately identifying malicious chains, with recall and precision values over 90% and up to 98%.