Abstract
Malware silently infects millions of systems every year through drive-by downloads, i.e., client-side exploits against web browsers or browser helper objects that are triggered when unsuspecting users visit a page containing malicious content. Identifying and blacklisting websites that distribute malicious content or redirect to a distributing page is an important part of our defense strategy against such attacks. However, building such lists is fraught with challenges of scale, timeliness and deception due to evasive strategies employed by adversaries. In this work, we describe alice@home, a distributed approach to overcoming these challenges and actively identifying malware distribution sites.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Moshchuk, A., Bragin, T., Deville, D., Gribble, S.D., Levy, H.M.: Spyproxy: Execution-based detection of malicious web content. In: 16th USENIX Security Symposium (August 2007)
Moshchuk, A., Bragin, T., Gribble, S.D., Levy, H.M.: A crawler-based study of spyware on the web. In: Network and Distributed System Security Symposium (February 2006)
Nazario, J.: Phoneyc: A virtual client honeypot. In: 2nd USENIX Workshop on Large-Scale and Emergent Threats, Boston, MA (April 2009)
Provos, N., Mavrommatis, P., Rajab, M.A., Monrose, F.: All your iframes point to us. In: 17th USENIX Security Symposium (2008)
Anagnostakis, K.G., Antonatos, S., Markatos, E.P.: Honey@home: A new approach to large-scale threat monitor. In: 5th ACM Workshop on Recurring Malcode (2007)
Wang, Y.-M., Beck, D., Jiang, X., Roussev, R., Verbowski, C., Chen, S., King, S.: Automated web patrol with strider honeymonkeys: Finding web sites that exploit browser vulnerabilities. In: Network and Distributed System Security Symposium (NDSS), San Diego, CA (2006)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Erete, I., Yegneswaran, V., Porras, P. (2009). ALICE@home: Distributed Framework for Detecting Malicious Sites. In: Kirda, E., Jha, S., Balzarotti, D. (eds) Recent Advances in Intrusion Detection. RAID 2009. Lecture Notes in Computer Science, vol 5758. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-04342-0_25
Download citation
DOI: https://doi.org/10.1007/978-3-642-04342-0_25
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-04341-3
Online ISBN: 978-3-642-04342-0
eBook Packages: Computer ScienceComputer Science (R0)