A Novel Scoring Model to Detect Potential Malicious Web Pages

Malicious web pages have embedded within them active contents that exploit vulnerabilities in users´ browsers and plug-ins in order to compromise the users´ machines. Approaches from research into identifying malicious web pages can be classified into two groups depending upon the types of web page features used: either run-time features based upon observing what happens when the web page is loaded (slow but accurate) or static features based upon the content, structure or property of the web page (fast but inaccurate). Hybrid approaches combine the best of both to provide scalable systems with good accuracy by using the static feature based approach as a pre-filter for the run-time feature based approach. One of critical challenges for such hybrid approaches is to build effective pre-filter which has a capability to make the trade-off between reducing number of web pages passed through to the run-time feature detector and misidentifying malicious web pages as benign. This paper presents a novel scoring model to filter potential malicious web pages by using static features from various sources of information about malicious web pages, finding suitable algorithms to score maliciousness of each source of information, and finally finding the best ways to combine scores from different sources of information in order to achieve the best accuracy. The result shows that our novel scoring model can combine knowledge from various sources of information about web pages very effectively in order to filter potential malicious web pages.