Context-aware web security threat prevention

Authors:
Lung-Hao Lee;Yen-Cheng Juan;Kuei-Ching Lee;Wei-Lin Tseng;Hsin-Hsi Chen;Yuen-Hsien Tseng
Affiliations:
National Taiwan University, Taipei, Taiwan Roc;National Taiwan University, Taipei, Taiwan Roc;National Taiwan University, Taipei, Taiwan Roc;National Taiwan University, Taipei, Taiwan Roc;National Taiwan University, Taipei, Taiwan Roc;National Taiwan Normal University, Taipei, Taiwan Roc
Venue:
Proceedings of the 2012 ACM conference on Computer and communications security
Year:
2012

Citing 7
Cited 0

Web tap: detecting covert web traffic

Proceedings of the 11th ACM conference on Computer and communications security
Beyond blacklists: learning to detect malicious web sites from suspicious URLs

Proceedings of the 15th ACM SIGKDD international conference on Knowledge discovery and data mining
SBotMiner: large scale search bot detection

Proceedings of the third ACM international conference on Web search and data mining
Prophiler: a fast filter for the large-scale detection of malicious web pages

Proceedings of the 20th international conference on World wide web
CANTINA+: A Feature-Rich Machine Learning Framework for Detecting Phishing Web Sites

ACM Transactions on Information and System Security (TISSEC)
Fear the EAR: discovering and mitigating execution after redirect vulnerabilities

Proceedings of the 18th ACM conference on Computer and communications security
EvilSeed: A Guided Approach to Finding Malicious Web Pages

SP '12 Proceedings of the 2012 IEEE Symposium on Security and Privacy

Quantified Score

Hi-index	0.00

Visualization

Abstract

This paper studies the feasibility of an early warning system that prevents users from the dangerous situations they may fall into during web surfing. Our approach adopts behavioral Hidden Markov Models to explore collective intelligence embedded in users' browsing behaviors for context-aware category prediction, and applies the results to web security threat prevention. Large-scale experiments show that our proposed method performs accuracy 0.463 for predicting the fine-grained categories of users' next accesses. In real-life filtering simulations, our method can achieve macro-averaging blocking rate 0.4293 to find web security threats that cannot be detected by the existing security protection solutions at the early stage, while accomplishes a low macro-averaging over-blocking rate 0.0005 with the passage of time. In addition, behavioral HMM is able to alert users for avoiding security threats by 8.4 hours earlier than the current URL filtering engine does. Our simulations show that the shortening of this lag time is critical to avoid severe diffusions of security threats.