A multidimensional analysis of malicious and compromised websites

Canali, Davide
Thesis

The incredible growth of the World Wide Web has allowed society to create new jobs, marketplaces, leisure activities, as well as new ways of sharing information and money. Unfortunately, however, the web is also attracting more and more miscreants who see it as a means of making money by abusing services and other people's property.

In this dissertation, we perform a multidimensional analysis of attacks involving malicious or compromised websites, by observing that, while web attacks can be very complex in nature, they generally involve four main actors.

These are the attackers, the vulnerable websites hosted on the premises of hosting providers, the web users who end up being victims of attacks, and the security companies who scan the Internet trying spot criminals and blocking malicious or compromised websites.

In particular, we first analyze web attacks from a hosting provider's point of view, showing that, while simple and free security measures should allow to detect simple signs of compromise on customers' websites, most hosting providers fail to do so. Second, we switch our point of view on the attackers, by studying their modus operandi and their goals in a large distributed experiment involving the collection of attacks performed against hundreds of vulnerable web sites. Third, we observe the behavior of victims of web attacks, based on the analysis of their browsing habits. This allows us to understand if it would be feasible to build risk profiles for web users, somehow similarly to what insurance companies do. Finally, we adopt the point of view of security companies and focus on finding an efficient solution to detecting web attacks that typically spread on compromised websites, and infect thousands of web users every day. 


HAL
Type:
Thesis
Date:
2014-02-12
Department:
Digital Security
Eurecom Ref:
4219
Copyright:
© TELECOM ParisTech. Personal use of this material is permitted. The definitive version of this paper was published in Thesis and is available at :
See also:

PERMALINK : https://www.eurecom.fr/publication/4219