Detection of malicious web pages


Thesis Type: Master's

Institution Where the Thesis Was Conducted: Middle East Technical University, Informatics Institute, Department of Information Systems, Turkey

Thesis Approval Date: 2014

Student: EMRE SÜREN

Supervisor: SEVGİ ÖZKAN YILDIRIM

Abstract:

Cyber-attacks have been shaking the virtual world, and malicious web pages have become a major weapon for Internet crime. They host a range of malicious content, such as spam, phishing, and drive-by downloads. The drive-by download technique exploits the victim's machine and downloads malware without any notice or consent. After infection, the victim's private data is stolen or encrypted and, even worse, the compromised machine is used to mount further attacks. For this reason, researchers have focused on protecting Internet visitors. Earlier solutions were blacklisting and static heuristics. Today, the most notable proposals for detecting malicious pages involve static and dynamic analysis techniques. Static analysis is known to be fast but to have poor accuracy, while dynamic analysis is slow but achieves a notable detection rate. An effective and lightweight detection approach should be deployable in real-time environments, overcome known evasion techniques, and be able to detect undiscovered (zero-day) exploits. This thesis analyses how to detect malicious pages efficiently in an automated fashion. A feature set is built by identifying characteristics of malicious pages, and machine learning techniques are applied. Reputable and freely available datasets are used in the experiments. The detection rate (97.5%) achieved by applying static analysis is compared with state-of-the-art systems, and the designed system is on par with most methods. The proposed approach could be used as a stand-alone detection system or as a pre-filter for dynamic methods, depending on the importance and sensitivity of the mission.