Malfree web server response

Abstract

The trend of spreading malicious web contents through legitimate but compromised websites is not very rare to find. Websites bearing the trust of millions of clients are chosen to exploit the trust of its users by installing unwanted and malevolent contents on client machines through drive by download. This stealthier mechanism is aimed to convert a client machine into a botnet and to gain access on its resources like stored passwords, sensitive information and fingerprinting of running softwares. To deal with it, there are different solutions like honeypots and system state observers but all these antidotes are client resident. In this paper we have devised a heuristic based solution which resides on web servers and circumvents the movement of malicious contents toward client machines while keeping the server repute trusted and its availability 24/7 even after the compromise. Instead of blocking the complete website or any of its page, only malevolent contents are sanitized which adds novelty to the proposed system.