Social network analysis of malicious websites for detection and characterization

Aldemir, Muhsin
Malicious websites pose major risks to users and businesses, including economic damage, privacy breaches and loss of valuable data. Malicious actors use websites as a spreading medium to pursue their motives. Analyzing the relationships between malicious websites and comparing them to benign ones can help to understand the problem better and enable more accurate detection and prevention of these websites. This thesis focuses on the detection and characterization of malicious websites using Social Network Analysis (SNA). SNA provides powerful methodologies for discovering and visualizing the relationships between actors. Using the links between and among malicious and benign websites, graphs were constructed whose nodes were websites and whose ties were the hyperlinks between them. For this purpose, the data, which included a snapshot of the pairwise links among hundreds of thousands of websites, the list of malicious websites and their types, were obtained from the web. First, networks of malicious websites were formed. Then, using these networks, new analyses were carried out to efficiently find malicious websites and their types based on their network structures and link similarities. Results were presented showing the detection accuracies of the applied methods.