Classification of Malicious Web Pages by Using SVM

  • Hwang, Young-Sup (Dept. of Computer Science and Engineering, Sun Moon University)
  • Moon, Jae-Chan (Dept. of Computer Science and Software Science, Dankook University)
  • Cho, Seong-Je (Dept. of Computer Science and Software Science, Dankook University)
  • Received : 2011.11.04
  • Accepted : 2012.01.06
  • Published : 2012.03.30

Abstract

As web pages provide a growing variety of services, the distribution of malware through web pages is also increasing. Malware can leak personal information, cause systems to malfunction, and turn systems into zombies. To prevent this damage, access to malicious web pages should be blocked. Because the malicious code embedded in web pages is obfuscated or transformed, it is difficult to detect with the signature-based approaches used by current anti-virus software. To overcome this problem, we analyze web pages and extract features that distinguish malicious web pages from benign ones, and we propose a classification method using SVM, which is widely used in machine learning. Experimental results show that the proposed method is better than other methods. The proposed method could classify malicious web pages correctly and help block the distribution of malicious code through web pages.

Cited by

  1. Mobile Application Categorization Based on Word Clustering, vol.19, pp.3, 2014, https://doi.org/10.9708/jksci.2014.19.3.017