WSProxy: Detecting and Fighting Malicious Websites

Abstract

In this paper we present WS Proxy, an analysis system for malicious websites that focuses on detecting attacks through behavior of web programs. The system uses Web kit which is an open script engine to execute page scripts. We detect malicious codes from web pages using static analysis and dynamic analysis technology. In contrast to previous work, this approach combines generality with usability, since the system is executed directly in the web browser before the web page is displayed. We show that we can achieve false positive rates below 5% and false negative rates below 10% with a performance overhead of only a few seconds, which affords a great potential for future versions of our tool.