Detection of malicious web pages

Süren, Emre
Cyber-attacks have been shaking the virtual world and malicious web pages have become a major weapon for Internet crimes. They host a number of malicious contents; such as spam, phishing, and drive-by download. Drive-by download technique exploits the victim’s machine and downloads a malware without any notice or consent. After infection, victim’s private data is stolen or encrypted and even worse the compromised machine is instrumented to mount further attacks. To this end, researchers have focused on protecting the Internet visitors. Previous solutions were blacklisting and static heuristics. Today the most remarkable suggestions for detecting malicious pages involve static and dynamic analysis techniques. It is known that, static analysis shows significant performance but poor accuracy and dynamic analysis performs slowly but brings notable detection rate. Effective and lightweight detection approach should be deployable for real-time environments, overcome known evasion techniques, and be able to detect undiscovered (zero-day) exploits. This thesis analyses how to detect malicious pages efficiently in an automatized fashion. A feature set is built by revealing characteristics in malicious pages and machine learning techniques are utilized. Respectable and freely available datasets are used in the experiments. The detection rate (97.5%) achieved by the application of static analysis is compared with the state of the art systems and the designed system is on par with most methods. Offered approach could be leveraged as a stand-alone detection system or utilized as a pre-filter for dynamic methods according to the importance and sensitivity of the mission.


Online DDoS attack detection using Mahalanobis distance and Kernel-based learning algorithm
Cakmakci, Salva Daneshgadeh; Kemmerich, Thomas; Ahmed, Tarem; Baykal, Nazife (Elsevier BV, 2020-10-01)
Distributed denial-of-service (DDoS) attacks are constantly evolving as the computer and networking technologies and attackers' motivations are changing. In recent years, several supervised DDoS detection algorithms have been proposed. However, these algorithms require a priori knowledge of the classes and cannot automatically adapt to frequently changing network traffic trends. This emphasizes the need for the development of new DDoS detection mechanisms that target zero-day and sophisticated DDoS attacks....
Static Malware Detection Using Stacked Bi-Directional LSTM
Demirci, Deniz; Acartürk, Cengiz; Department of Cybersecurity (2021-8-19)
The recent proliferation in the use of the Internet and personal computers has made it easier for cybercriminals to expose Internet users to widespread and damaging threats. In order protect the end users against such threats, a security system must be proactive. It needs to detect malicious files or executables before reaching the end-user. To create an efficient and low-cost malware detection mechanism, in the present study, we propose stacked bidirectional long short-term memory (Stacked BiLSTM) based de...
Malicious code detection: run trace analysis by LSTM
Şırlancı, Melih; Acartürk, Cengiz; Gürkan Balıkçıoğlu, Pınar; Department of Cybersecurity (2021-6)
Malicious software threats and their detection have been gaining importance as a subdomain of information security due to the expansion of ICT applications in daily settings. A major challenge in designing and developing anti-malware systems is the coverage of the detection, particularly the development of dynamic analysis methods that can detect polymorphic and metamorphic malware efficiently. In the present study, we propose a methodological framework for detecting malicious code by analyzing run trace ou...
Automatic detection of cyber security events from Turkish twitter stream and Turkish newspaper data
Ural, Özgür; Acartürk, Cengiz; Department of Cyber Security (2019)
Cybersecurity experts scan the internet and face security events that influence users, institutions, and governments. An information security analyst regularly examines sources to stay up to date on security events in her/his domain of expertise. This may lead to a heavy workload for the information analysts if they do not have proper tools for security event investigation. For example, an information analyst may want to stay aware of cybersecurity events, such as a DDoS (Distributed Denial of Service) atta...
Malicious user input detection on web-based attacks with the negative selection algorithm
Karataş, Mustafa Mer; Acar, Aybar Can; Department of Cyber Security (2019)
In the cyber security domain, detection and prevention of intrusions is a crucial task. Intrusion attempts exploiting vulnerabilities in an organization’s servers or applications may lead to devastating consequences. The malicious actor may obtain sensitive information from the application, seize database records or take over the servers completely. While protecting web applications/services, discrimination of legitimate user inputs from malicious payloads must be done. Taking inspiration from the Human Imm...
Citation Formats
E. Süren, “Detection of malicious web pages,” M.S. - Master of Science, Middle East Technical University, 2014.