Skip to main content
Article
ADAM: Automated Detection and Attribution of Malicious Webpages
WISA '14: Proceedings of the 15th International Workshop on Information Security Applications, LNCS 8909 (K.H. Rhee and J.H. Yi eds.). Jeju Island, South Korea. (2014)
  • Ahmed E. Kosba, University of Maryland
  • Aziz Mohaisen
  • Andrew G. West
  • Trevor Tonn
  • Huy Kang Kim, Korea University
Abstract

Malicious webpages are a prevalent and severe threat in the Internet security landscape. This fact has motivated numerous static and dynamic techniques to alleviate such threats. Building on this existing literature, this work introduces the design and evaluation of ADAM, a system that uses machine-learning over network metadata derived from the sandboxed execution of webpage content. ADAM aims to detect malicious webpages and identify the nature of those vulnerabilities using a simple set of features. Machine-trained models are not novel in this problem space. Instead, it is the dynamic network artifacts (and their subsequent feature representations) collected during rendering that are the greatest contribution of this work. Using a real-world operational dataset that includes different forms of malicious behavior, our results show that dynamic, low-cost network artifacts can be used effectively to detect most vulnerabilities -- achieving an accuracy reaching 96%. The system is also able to identify the precise type of that vulnerability in 91% of cases. Further, this work highlights those cases that frequently evade detection, suggesting areas of future emphasis, alongside the desire to extend this work to practical contexts.

Keywords
  • dynamic execution,
  • web rendering,
  • web security,
  • drive by downloads,
  • machine learning
Publication Date
August, 2014
Citation Information
ADAM: Automated Detection and Attribution of Malicious Webpages. Ahmed E. Kosba, Aziz Mohaisen, Andrew G. West, Trevor Tonn, and Huy Kang Kim. In WISA '14: Proceedings of the 15th International Workshop on Information Security Applications, LNCS 8909 (K.H. Rhee and J.H. Yi eds.), pp. 3-16. Jeju Island, South Korea, August 2014.