

Journal of Information Science and Engineering, Vol. 29 No. 1, pp. 115-131 (January 2013)

Interactive Website Filter for Safe Web Browsing*

1School of Computer Science and Engineering
Seoul National University
Seoul, 151-742 Korea
2Department of Computer Science
University of San Francisco
San Francisco CA 94117, USA

Though popularly used for safe web browsing, blacklist-based filters have a fundamental limitation in the "window of vulnerability", the time between the launch of a malicious website and the blacklist update. An effective way to provide seamless protection is to use an add-on filter based on heuristics, but most prior heuristics have offered only a limited scope of protection against new attacks. Moreover, they have either suffered from low detection accuracy or incurred unacceptable slowdown. This paper presents an interactive website filter based on heuristics for detecting malicious websites. As its key feature, our filter considers the disparity between a website's true identity (e.g., host domain) and its observed identity (e.g., frequent terms or source domains of iFrames). A website with significant disparity is considered malicious. Users are warned against a website identified as malicious, and determine whether it is safe to proceed. Incorporating user interaction into discovering the true identity of suspect websites lets our filter avoid false positives caused by automatic detection. Our main contribution is that we found a common and efficient characteristic for filtering malicious websites. Not only is such disparity inherent in the exploit mechanisms of malicious websites, whether they aim at phishing or malware distribution, but measuring it by textual relevance incurs negligible overhead. Experimental results demonstrate that our filter is lightweight while delivering considerably high detection accuracy for both kinds of malicious websites.

Keywords: phishing, malware distribution, drive-by downloads, browser extension, usable security, machine learning, reasoning


Received May 31, 2011; accepted March 31, 2012.
Communicated by Francisco J. Garcia-Penalvo, Ricardo Colomo-Palacios and Jane Yung-Jen Hsu.
* This research was supported by NSF grant 1063745 and the KCC (Korea Communications Commission), Korea, under the CPRC (Communications Policy Research Center) support program supervised by the KCA (Korea Communications Agency) (KCA-2011-1194100004-110010100).