A multidimensional analysis of malicious and compromised websites

Abstract : The incredible growth of the World Wide Web has allowed society to create new jobs, marketplaces, as well as new ways of sharing information and money. Unfortunately, however, the web also attracts miscreants who see it as a means of making money by abusing services and other people's property. In this dissertation, we perform a multidimensional analysis of attacks involving malicious or compromised websites, by observing that, while web attacks can be very complex in nature, they generally involve four main actors. These are the attackers, the vulnerable websites hosted on the premises of hosting providers, the web users who end up being victims of attacks, and the security companies who scan the Internet trying to block malicious or compromised websites. In particular, we first analyze web attacks from a hosting provider's point of view, showing that, while simple and free security measures should allow to detect simple signs of compromise on customers' websites, most hosting providers fail to do so. Second, we switch our point of view on the attackers, by studying their modus operandi and their goals in a distributed experiment involving the collection of attacks performed against hundreds of vulnerable web sites. Third, we observe the behavior of victims of web attacks, based on the analysis of their browsing habits. This allows us to understand if it would be feasible to build risk profiles for web users, similarly to what insurance companies do. Finally, we adopt the point of view of security companies and focus on finding an efficient solution to detecting web attacks that spread on compromised websites, and infect thousands of web users every day
Document type :
Theses
Complete list of metadatas

Cited literature [85 references]  Display  Hide  Download

https://pastel.archives-ouvertes.fr/tel-01361433
Contributor : Abes Star <>
Submitted on : Wednesday, September 7, 2016 - 11:56:08 AM
Last modification on : Thursday, October 17, 2019 - 12:36:09 PM
Long-term archiving on : Thursday, December 8, 2016 - 12:48:06 PM

File

TheseCanaliV2.pdf
Version validated by the jury (STAR)

Identifiers

  • HAL Id : tel-01361433, version 1

Citation

Davide Canali. A multidimensional analysis of malicious and compromised websites. Cryptography and Security [cs.CR]. Télécom ParisTech, 2014. English. ⟨NNT : 2014ENST0009⟩. ⟨tel-01361433⟩

Share

Metrics

Record views

403

Files downloads

3133