Malicious website identification using design attribute learning

Or Naim*, Doron Cohen, Irad Ben-Gal

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review

4 Scopus citations

Abstract

Malicious websites pose a challenging cybersecurity threat. Traditional tools for detecting malicious websites rely heavily on industry-specific domain knowledge, are maintained by large-scale research operations, and result in a never-ending attacker–defender dynamic. Malicious websites need to balance two opposing requirements to successfully function: escaping malware detection tools while attracting visitors. This fundamental conflict can be leveraged to create a robust and sustainable detection approach based on the extraction, analysis, and learning of design attributes for malicious website identification. In this paper, we propose a next-generation algorithm for extended design attribute learning that learns and analyzes web page structures, content, appearances, and reputation to detect malicious websites. Results from a large-scale experiment that was conducted on more than 35,000 websites suggest that the proposed algorithm effectively detects more than 83% of all malicious websites while maintaining a low false-positive rate of 2%. In addition, the proposed method can incorporate user feedback and flag new suspicious websites and thus can be effective against zero-day attacks.

Original languageEnglish
Pages (from-to)1207-1217
Number of pages11
JournalInternational Journal of Information Security
Volume22
Issue number5
DOIs
StatePublished - Oct 2023

Funding

FundersFunder number
Koret Foundation

    Keywords

    • Cybersecurity
    • Human–computer interaction
    • Machine learning
    • Malicious websites
    • Website design attributes

    Fingerprint

    Dive into the research topics of 'Malicious website identification using design attribute learning'. Together they form a unique fingerprint.

    Cite this