Some Trends in Web Application Development
FOSE '07 2007 Future of Software Engineering
The ghost in the browser analysis of web-based malware
HotBots'07 Proceedings of the first conference on First Workshop on Hot Topics in Understanding Botnets
Proceedings of the 2008 ACM symposium on Applied computing
Information Security Tech. Report
Ghost turns zombie: exploring the life cycle of web-based malware
LEET'08 Proceedings of the 1st Usenix Workshop on Large-Scale Exploits and Emergent Threats
Social networks and context-aware spam
Proceedings of the 2008 ACM conference on Computer supported cooperative work
Malicious Webpage Detection by Semantics-Aware Reasoning
ISDA '08 Proceedings of the 2008 Eighth International Conference on Intelligent Systems Design and Applications - Volume 01
Collecting Internet Malware Based on Client-side Honeypot
ICYCS '08 Proceedings of the 2008 The 9th International Conference for Young Computer Scientists
Security in web 2.0 application development
Proceedings of the 10th International Conference on Information Integration and Web-based Applications & Services
Securing frame communication in browsers
Communications of the ACM - One Laptop Per Child: Vision vs. Reality
Cybercrime 2.0: When the Cloud Turns Dark
Queue - Web Security
Characterizing insecure javascript practices on the web
Proceedings of the 18th international conference on World wide web
Identifying suspicious URLs: an application of large-scale online learning
ICML '09 Proceedings of the 26th Annual International Conference on Machine Learning
Beyond blacklists: learning to detect malicious web sites from suspicious URLs
Proceedings of the 15th ACM SIGKDD international conference on Knowledge discovery and data mining
Defending Browsers against Drive-by Downloads: Mitigating Heap-Spraying Code Injection Attacks
DIMVA '09 Proceedings of the 6th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Malicious web content detection by machine learning
Expert Systems with Applications: An International Journal
Automatic Detection for JavaScript Obfuscation Attacks in Web Pages through String Pattern Analysis
FGIT '09 Proceedings of the 1st International Conference on Future Generation Information Technology
Detection and analysis of drive-by-download attacks and malicious JavaScript code
Proceedings of the 19th international conference on World wide web
Collecting autonomous spreading malware using high-interaction honeypots
ICICS'07 Proceedings of the 9th international conference on Information and communications security
PhoneyC: a virtual client honeypot
LEET'09 Proceedings of the 2nd USENIX conference on Large-scale exploits and emergent threats: botnets, spyware, worms, and more
NOZZLE: a defense against heap-spraying code injection attacks
SSYM'09 Proceedings of the 18th conference on USENIX security symposium
Learning to detect malicious URLs
ACM Transactions on Intelligent Systems and Technology (TIST)
Prophiler: a fast filter for the large-scale detection of malicious web pages
Proceedings of the 20th international conference on World wide web
Escape from monkey island: evading high-interaction honeyclients
DIMVA'11 Proceedings of the 8th international conference on Detection of intrusions and malware, and vulnerability assessment
Capture - A behavioral analysis tool for applications and documents
Digital Investigation: The International Journal of Digital Forensics & Incident Response
A Novel Scoring Model to Detect Potential Malicious Web Pages
TRUSTCOM '12 Proceedings of the 2012 IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications
| Hi-index | 0.00 |
Drive-by download attacks where web browsers are subverted by malicious content delivered by web servers have become a common attack vector in recent years. Several methods for the detection of malicious content on web pages using data mining techniques to classify web pages as malicious or benign have been proposed in the literature. However, each proposed method uses different content features in order to do the classification and there is a lack of a high-level frameworks for comparing these methods based upon their choice of detection features. The lack of a framework makes it problematic to develop experiments to compare the effectiveness of methods based upon different selections of features. This paper presents such a framework derived from an analysis of of drive-by download attacks that focus upon potential state changes seen when Internet browsers render HTML documents. This framework can be used to identify potential features that have not yet been exploited and to reason about the challenges for using those features in detection drive-by download attack.