Browse > Article
http://dx.doi.org/10.9708/jksci.2012.17.3.077

Classification of Malicious Web Pages by Using SVM  

Hwang, Young-Sup (Dept. of Computer Science and Engineering, Sun Moon University)
Moon, Jae-Chan (Dept. of Computer Science and Software Science, Dankook University)
Cho, Seong-Je (Dept. of Computer Science and Software Science, Dankook University)
Abstract
As web pages provide various services, the distribution of malware via the web pages is being also increased. Malware can make personal information leak, system mal-function and system be zombie. To protect this damages, we should block the malicious web pages. Because the malicious codes embedded in web pages are obfuscated or transformed, it is difficult to detect them using signature-based approaches which are used by current anti-virus software. To overcome this problem, we extracted features to classify malicious web pages and benign ones by analyzing web pages. And we propose a classification method using SVM which is widely used in machine learning. Experimental results show that the proposed method is better than other methods. The proposed method could classify malicious web pages correctly and be helpful to block the distribution of malicious codes.
Keywords
Malicious web page; SVM; malware; obfuscation; machine learning;
Citations & Related Records
Times Cited By KSCI : 5  (Citation Analysis)
연도 인용수 순위
1 Chong-Woo Woo and Kyoung-Hui Ha, "A Development of Malware Detection Tool based on Signature Patterns," Journal of the KSCI, Vol.10, No.6, pp.127-136, De. 2005. (in Korean)   과학기술학회마을
2 N. Proves, D. McNamee, et al., "The Ghost In The Browser Analysis of Web-based Malware", Proc.Of the first USENIX workshop on hot topic in Botnets, 2007.4
3 B. Kim, C. Im, H. Jung, "Suspicious Malicious Web Site Detection with Strength Analysis of a JavaScript Obfuscation", International Journal of Advanced Science and Technology, Vol.26, pp.19-32, Jan, 2011.
4 Peter Likarish, E. Jung, I. Jo, "Obfuscated Malicious JavaScript Detection using Classification Techniques", in 4th International Conference on Malicious and Unwanted Software, pp.47-54, 2009.
5 H. Chang, M. Kim, D. Kim, J. Lee, H. Kim, and S. Cho, "An Implementation of System for Detecting and Filtering Malicious URLs," Journal of KIISE:Computing Practices and Letters, Vol.16, No.4, pp.405-414, Apr. 2010. (in Korean)   과학기술학회마을
6 Y. Choi, T. Kim, and S. Choi, "Automatic Detection for JavaScript Obfuscation Attacks in Web Pages through String Pattern Analysis", International Journal of Security and Its Applications, Vol.4, No.2, pp.13-26, Apr. 2010.
7 B. Feinstein and D. Peck, "Caffeine Monkey: Automated Collection, Detection and Analysis of Malicious JavaScript", Black Hat USA, 2007.
8 Christian Seifert, Ian Welch, Peter Komisarczuk, "Identification of Malicious Web Pages with Static Heuristics," Telecommunication Networks and Applications Conference, pp.91-96, Dec. 2008.
9 L.C. Tae, J.H, Oh and H,C. Jeong, "Study of the Technique Trend and Analysis Method of Recent Malaware," Communications of the KIISE, Vol.28, No.11, pp.117-125. Nov. 2010.
10 Y.-T. Hou, Y. Chang, T. Chen, C.-S. Laih and C.-M. Chen, "Malicious web content detection by machine learning," Expert Systems with Applications, Vol.378, pp.55-60, 2010.
11 Chih-Chung Chang and Chih-Jen Lin, LIBSVM: a library for support vector machines, 2001. Software available at http://www.csie.ntu.edu.tw/-cjlin/libsvm.
12 IBM X-Force Team, "IBM X-Force 2010 Trend and Risk Report", IBM Published, March, 2011
13 ByungHa Choi and Kyungsan Cho, "An Improved Detecting Scheme of Malicious Codes using HTTP Outbound Traffic," Journal of the KSCI, Vol.14, No.9 pp.47-54, Aug. 2009. (in Korean)   과학기술학회마을
14 Hee-Hwan Park and Dea-Woo Park, "A Study on Treatment Way of a Malicious Code to injected in Windows System File," Journal of the KSCI, Vol.14, No.2, pp.255-262, De. 2006. (in Korean)   과학기술학회마을
15 J. Lee, J. Moon, S. Cho, Y. Lee, M. Park, and W. Choi, "Malicious Web Page Detection Using Malicious Code Spreading Pattern," The 3rd International Conference on Internet (ICONI 2011), pp.195-200, Dec. 2011.