Malicious Webpage Detection by Semantics-Aware Reasoning
- Resource Type
- Conference
- Authors
- Lin, Shih-Fen; Hou, Yung-Tsung; Chen, Chia-Mei; Jeng, Bingchiang; Laih, Chi-Sung
- Source
- 2008 Eighth International Conference on Intelligent Systems Design and Applications Intelligent Systems Design and Applications, 2008. ISDA '08. Eighth International Conference on. 1:115-120 Nov, 2008
- Subject
- Computing and Processing
HTML
Detection algorithms
Frequency
Software packages
National security
Detectors
Intelligent systems
Information management
Web and internet services
Java
malicious code
semantics modeling
memory-based reasoning
- Language
- ISSN
- 2164-7143
2164-7151
The recent evolutional development of dynamic HTML techniques empowers attackers a new and powerful tool to compromise machines. A malicious DHTML code disguises itself as a normal webpage. The malicious webpage infects the victim when a user browses it. Furthermore, such DHTML code can disguise easily through obfuscation or transformation, which makes detection even harder. Anti-virus software packages commonly use signature-based approaches which might not be able to efficiently identify camouflage malicious HTML code. In this paper, we propose a novel semantics-aware reasoning detection algorithm (SeAR) using the techniques of semantic modeling and memory-based reasoning for malicious webpage detection. SeAR is resilient to code obfuscations and is able to detect malicious webpage correctly. The experiments demonstrate that our detection algorithm can effectively detect variants of malicious HTML code with a low false rate.