TY - JOUR
T1 - A risk-scoring feedback model for webpages and web users based on browsing behavior
AU - Neria, Michal Ben
AU - Yacovzada, Nancy Sarah
AU - Ben-Gal, Irad
N1 - Publisher Copyright:
© 2017 ACM.
PY - 2017/5
Y1 - 2017/5
N2 - It has been claimed thatmany security breaches are often caused by vulnerable (näive) employees within the organization [Ponemon Institute LLC 2015a]. Thus, the weakest link in security is often not the technology itself but rather the people who use it [Schneier 2003]. In this article, we propose a machine learning scheme for detecting risky webpages and risky browsing behavior, performed by näive users in the organization. The scheme analyzes the interaction between two modules: one represents näive users, while the other represents risky webpages. It implements a feedback loop between these modules such that if a webpage is exposed to a lot of traffic from risky users, its "risk score" increases, while in a similar manner, as the user is exposed to risky webpages (with a high "risk score"), his own "risk score" increases. The proposed scheme is tested on a real-world dataset of HTTP logs provided by a large American toolbar company. The results suggest that a feedback learning process involving webpages and users can improve the scoring accuracy and lead to the detection of unknown malicious webpages.
AB - It has been claimed thatmany security breaches are often caused by vulnerable (näive) employees within the organization [Ponemon Institute LLC 2015a]. Thus, the weakest link in security is often not the technology itself but rather the people who use it [Schneier 2003]. In this article, we propose a machine learning scheme for detecting risky webpages and risky browsing behavior, performed by näive users in the organization. The scheme analyzes the interaction between two modules: one represents näive users, while the other represents risky webpages. It implements a feedback loop between these modules such that if a webpage is exposed to a lot of traffic from risky users, its "risk score" increases, while in a similar manner, as the user is exposed to risky webpages (with a high "risk score"), his own "risk score" increases. The proposed scheme is tested on a real-world dataset of HTTP logs provided by a large American toolbar company. The results suggest that a feedback learning process involving webpages and users can improve the scoring accuracy and lead to the detection of unknown malicious webpages.
KW - Link-based ranking algorithms
KW - Machine learning
KW - Malware detection
KW - Naïve user behavior
KW - Spectral clustering
UR - http://www.scopus.com/inward/record.url?scp=85019592153&partnerID=8YFLogxK
U2 - 10.1145/2928274
DO - 10.1145/2928274
M3 - ???researchoutput.researchoutputtypes.contributiontojournal.article???
AN - SCOPUS:85019592153
SN - 2157-6904
VL - 8
JO - ACM Transactions on Intelligent Systems and Technology
JF - ACM Transactions on Intelligent Systems and Technology
IS - 4
M1 - 2928274
ER -