EVILSEED: A Guided Approach to Finding Malicious Web Pages

Research output: Chapter in Book/Report/Conference proceeding › Chapter

Standard

EVILSEED: A Guided Approach to Finding Malicious Web Pages. / Invernizzi, Luca; Benvenuti, Stefano; Milani Comparetti, Paolo; Cova, Marco; Kruegel, Christopher; Vigna, Giovanni.

Proceedings of the IEEE Symposium on Security and Privacy. 2012. p. 428-442.

Harvard

Invernizzi, L, Benvenuti, S, Milani Comparetti, P, Cova, M, Kruegel, C & Vigna, G 2012, EVILSEED: A Guided Approach to Finding Malicious Web Pages. in Proceedings of the IEEE Symposium on Security and Privacy. pp. 428-442. https://doi.org/10.1109/SP.2012.33

APA

Invernizzi, L., Benvenuti, S., Milani Comparetti, P., Cova, M., Kruegel, C., & Vigna, G. (2012). EVILSEED: A Guided Approach to Finding Malicious Web Pages. In Proceedings of the IEEE Symposium on Security and Privacy (pp. 428-442) https://doi.org/10.1109/SP.2012.33

Vancouver

Invernizzi L, Benvenuti S, Milani Comparetti P, Cova M, Kruegel C, Vigna G. EVILSEED: A Guided Approach to Finding Malicious Web Pages. In Proceedings of the IEEE Symposium on Security and Privacy. 2012. p. 428-442 https://doi.org/10.1109/SP.2012.33

Author

Invernizzi, Luca ; Benvenuti, Stefano ; Milani Comparetti, Paolo ; Cova, Marco ; Kruegel, Christopher ; Vigna, Giovanni. / EVILSEED: A Guided Approach to Finding Malicious Web Pages. Proceedings of the IEEE Symposium on Security and Privacy. 2012. pp. 428-442

Bibtex

@inbook{2d0d5a1c6c114a92beb5cffed548f3b7,
title = "EVILSEED: A Guided Approach to Finding Malicious Web Pages",
abstract = "Malicious web pages that use drive-by download attacks or social engineering techniques to install unwanted software on a user{\textquoteright}s computer have become the main avenue for the propagation of malicious code. To search for malicious web pages, the first step is typically to use a crawler to collect URLs that are live on the Internet. Then, fast prefiltering techniques are employed to reduce the amount of pages that need to be examined by more precise, but slower, analysis tools (such as honeyclients). While effective, these techniques require a substantial amount of resources. A key reason is that the crawler encounters many pages on the web that are benign, that is, the “toxicity” of the stream of URLs being analyzed is low. In this paper, we present EVILSEED, an approach to search the web more efficiently for pages that are likely malicious. EVILSEED starts from an initial seed of known, malicious web pages. Using this seed, our system automatically generates search engines queries to identify other malicious pages that are similar or related to the ones in the initial seed. By doing so, EVILSEED leverages the crawling infrastructure of search engines to retrieve URLs that are much more likely to be malicious than a random page on the web. In other words EVILSEED increases the “toxicity” of the input URL stream. Also, we envision that the features that EVILSEED presents could be directly applied by search engines in their prefilters. We have implemented our approach, and we evaluated it on a large-scale dataset. The results show that EVILSEED is able to identify malicious web pages more efficiently when compared to crawler-based approaches.",
author = "Luca Invernizzi and Stefano Benvenuti and {Milani Comparetti}, Paolo and Marco Cova and Christopher Kruegel and Giovanni Vigna",
year = "2012",
month = may,
doi = "10.1109/SP.2012.33",
language = "English",
isbn = "978-1-4673-1244-8",
pages = "428--442",
booktitle = "Proceedings of the IEEE Symposium on Security and Privacy",

}

RIS

TY - CHAP

T1 - EVILSEED: A Guided Approach to Finding Malicious Web Pages

AU - Invernizzi, Luca

AU - Benvenuti, Stefano

AU - Milani Comparetti, Paolo

AU - Cova, Marco

AU - Kruegel, Christopher

AU - Vigna, Giovanni

PY - 2012/5

Y1 - 2012/5

N2 - Malicious web pages that use drive-by download attacks or social engineering techniques to install unwanted software on a user’s computer have become the main avenue for the propagation of malicious code. To search for malicious web pages, the first step is typically to use a crawler to collect URLs that are live on the Internet. Then, fast prefiltering techniques are employed to reduce the amount of pages that need to be examined by more precise, but slower, analysis tools (such as honeyclients). While effective, these techniques require a substantial amount of resources. A key reason is that the crawler encounters many pages on the web that are benign, that is, the “toxicity” of the stream of URLs being analyzed is low. In this paper, we present EVILSEED, an approach to search the web more efficiently for pages that are likely malicious. EVILSEED starts from an initial seed of known, malicious web pages. Using this seed, our system automatically generates search engines queries to identify other malicious pages that are similar or related to the ones in the initial seed. By doing so, EVILSEED leverages the crawling infrastructure of search engines to retrieve URLs that are much more likely to be malicious than a random page on the web. In other words EVILSEED increases the “toxicity” of the input URL stream. Also, we envision that the features that EVILSEED presents could be directly applied by search engines in their prefilters. We have implemented our approach, and we evaluated it on a large-scale dataset. The results show that EVILSEED is able to identify malicious web pages more efficiently when compared to crawler-based approaches.

AB - Malicious web pages that use drive-by download attacks or social engineering techniques to install unwanted software on a user’s computer have become the main avenue for the propagation of malicious code. To search for malicious web pages, the first step is typically to use a crawler to collect URLs that are live on the Internet. Then, fast prefiltering techniques are employed to reduce the amount of pages that need to be examined by more precise, but slower, analysis tools (such as honeyclients). While effective, these techniques require a substantial amount of resources. A key reason is that the crawler encounters many pages on the web that are benign, that is, the “toxicity” of the stream of URLs being analyzed is low. In this paper, we present EVILSEED, an approach to search the web more efficiently for pages that are likely malicious. EVILSEED starts from an initial seed of known, malicious web pages. Using this seed, our system automatically generates search engines queries to identify other malicious pages that are similar or related to the ones in the initial seed. By doing so, EVILSEED leverages the crawling infrastructure of search engines to retrieve URLs that are much more likely to be malicious than a random page on the web. In other words EVILSEED increases the “toxicity” of the input URL stream. Also, we envision that the features that EVILSEED presents could be directly applied by search engines in their prefilters. We have implemented our approach, and we evaluated it on a large-scale dataset. The results show that EVILSEED is able to identify malicious web pages more efficiently when compared to crawler-based approaches.

U2 - 10.1109/SP.2012.33

DO - 10.1109/SP.2012.33

M3 - Chapter

SN - 978-1-4673-1244-8

SP - 428

EP - 442

BT - Proceedings of the IEEE Symposium on Security and Privacy

ER -