Towards Automatic and Lightweight Detection and Classification of Malicious Web Contents

Abstract

Malicious webpages are today one of the most prevalent threats in the Internet security landscape. To understand such problem, there has been several efforts of analysis, classification, and labeling of malicious webpages, ranging from the simple static techniques to the more elaborate dynamic techniques. Building on such efforts, this work summarizes our work in the design and evaluation of a system that utilizes machine learning techniques over network metadata to identify malicious webpages and classify them into broader classes of vulnerabilities. The system uses easy to interpret features, utilizes uniquely acquired dynamic network artifacts, and known labels for rendered webpages in a sandboxed environment. We report on the success (and failure) of our system, and the way forward by suggesting open directions for practical malicious web contents classification.