"Safer Web Surfing With a New Method for Detecting Malicious Modes"

Researchers Yong-joon Lee of Far East University and Won-shik Na of Namseoul University, both in the Republic of Korea, have described a novel method for detecting hidden malicious code in websites. In contrast to currently employed methods, their approach focuses on identifying and analyzing typical attack patterns used during the spread of malicious code in websites. The researchers began their work by "crawling" through 500 malicious websites to collect data needed to identify attack patterns. They investigated the methods most commonly used in these websites to distribute malicious code. Then they concentrated on the programming techniques and scripts used in these malicious codes to exploit vulnerabilities, such as running shell scripts, executable files (.exe), or performing suspicious string manipulation. The researchers counted the number of times each of these techniques was used in malicious websites and devised an equation to calculate a website's "risk score." To do so, they quantified the reliability of each of these techniques as an indicator of suspicion by focusing on their false-positive detection rates, or how frequently a benign website using these techniques was incorrectly flagged as "malicious." The developed equation could identify the so-called distribution patterns used by hackers to spread malicious code using this information. Unlike previous detection methods, which focused on the actual execution of malicious code, the researchers' proposed detection method can identify malicious distribution patterns by analyzing user-side scripts while taking website characteristics into account. This article continues to discuss the proposed detection system based on analyzing distribution patterns of malicious code contained by websites. 

SPIE reports "Safer Web Surfing With a New Method for Detecting Malicious Modes"