for attacks that require user interaction (e.g., malicious ad-vertisements) with browser plugins enabled. In addition,improving the characterization of web pages by revisitingHTML4 features with respect to HTML5.

Large-Scale Evaluation: To evaluate the scalability of ourapproach and compare it with industry and research bench-marks using detection accuracy, false signals, and averagedelay to analyze a web page.

Public Deployment : We plan to deploy our approach asa public service with query interfaces for users and soft-ware services. The deployment mode (e.g., browser toolbar,proxy) is an open issue we will investigate in the future.

6. REFERENCES[1] M. Alexander, B. Tanya, D. Damien, S. D. Gribble,

and H. M. Levy. Spyproxy: execution-based detectionof malicious web content. In Proceedings of 16thUSENIX Security Symposium, pages 3:1–3:16, 2007.

[2] I. Archive. Heritrix.http://crawler.archive.org/index.html, July 2012.

[3] K. Byung-Ik, I. Chae-Tae, and J. Hyun-Chul.Suspicious malicious web site detection with strengthanalysis of a javascript obfuscation. In InternationalJournal of Advanced Science and Technology, pages19–32, 2011.

[4] D. Canali, M. Cova, G. Vigna, and C. Kruegel.Prophiler: a fast filter for the large-scale detection ofmalicious web pages. In Proceedings of WWW, pages197–206, 2011.

[5] H. Choi, B. B. Zhu, and H. Lee. Detecting maliciousweb links and identifying their attack types. InProceedings of the 2nd USENIX conference on Webapplication development, pages 11–11, 2011.

[6] S. Corporation. Symantec web based attack prevalencereport. http://www.symantec.com/business/threatreport/topic.jsp?id=threat_activity_trends&aid=web_based_attack_prevalence, July2011.

[7] A. Dewald, T. Holz, and F. C. Freiling. Adsandbox:sandboxing javascript to fight malicious websites. InACM Symposium on Applied Computing, pages1859–1864, 2010.

[8] B. Eshete, A. Villafiorita, and K. Weldemariam.Binspect: Holistic analysis and detection of maliciousweb pages. In Proceedings of Security and Privacy inCommunication Networks, 2012.

[9] B. Eshete, A. Villafiorita, and K. Weldemariam.Einspect: Evolution-guided analaysis and detection ofmalicious web pages. Technical report, FondazioneBruno Kessler, 2012.

[10] Google. Google safe browsing api.http://code.google.com/apis/safebrowsing/,August 2011.

[11] M. Hall, E. Frank, G. Holmes, B. Pfahringer,P. Reutemann, and I. H. Witten. The weka datamining software: An update. SIGKDD Explorations,11, 2009.

[12] A. Ikinci, T. Holz, and F. Freiling. Monkey-spider:Detecting malicious websites with low-interactionhoneyclients. In Proceedings of Sicherheit, Schutz undZuverl Lssigkeit, pages 407–421, 2008.

[13] M. Justin, S. L. K., S. Stefan, and V. G. M. Beyondblacklists: learning to detect malicious web sites fromsuspicious urls. In Proceedings of KDDM, pages1245–1254, 2009.

[14] M. Justin, S. L. K., S. Stefan, and V. G. M.Identifying suspicious urls: an application oflarge-scale online learning. In Proceedings of ICML,pages 681–688, 2009.

[15] C. Kolbitsch, B. Livshits, B. Zorn, and C. Seifer.Rozzle: De-cloaking internet malware. Technicalreport, Microsoft, 2011.

[16] C. Marco, K. Christopher, and V. Giovanni. Detectionand analysis of drive-by-download attacks andmalicious javascript code. In Proceedings of WWW,pages 281–290, 2010.

[17] T. Micro. Web threats. http://apac.trendmicro.com/apac/threats/enterprise/web-threats/,November 2012.

[18] MITRE. The mitre honeyclient project.http://search.cpan.org/~mitrehc, November 2011.

[19] H. Project. Honeyc.https://projects.honeynet.org/honeyc, July 2011.

[20] T. H. Project. Capture-hpc.https://projects.honeynet.org/capture-hpc,October 2011.

[21] M. Qassrawi and H. Zhang. Detecting malicious webservers with honeyclients. Journal of Networks, 6(1),2011.

[22] K. Rieck, T. Krueger, and A. Dewald. Cujo: efficientdetection and prevention of drive-by-downloadattacks. In Proceedings ACSAC, pages 31–39, 2010.

[23] C. Seifert, I. Welch, and P. Komisarczuk. Identificationof malicious web pages with static heuristics. InProceedings of the Australasian TelecommunicationNetworks and Applications Conference, 2008.

[24] C. Seifert, I. Welch, P. Komisarczuk, C. Aval, andB. Endicott-Popovsky. Identification of malicious webpages through analysis of underlying dns and webserver relationships. In 33rd IEEE Conference onLocal Computer Networks, 2008.

[25] G. Software. Htmlunit.http://htmlunit.sourceforge.net/, March 2012.

[26] Symantec. Symantec report on attack kits andmalicious websites. http://symantec.com/content/en/us/enterprise/other_resources/b-symantec_report_on_attack_kits_and_malicious_websites_21169171_WP.en-us.pdf,July 2011.

[27] K. Thomas, C. Grier, J. Ma, V. Paxson, and D. Song.Design and Evaluation of a Real-Time URL SpamFiltering Service. In Proceedings of the IEEESymposium on Security and Privacy, 2011.

[28] UCSB. Wepawet. http://wepawet.cs.ucsb.edu, July2011.

[29] Y.-M. Wang, D. Beck, X. Jiang, and R. Roussev.Automated web patrol with strider honeymonkeys:Finding web sites that exploit browser vulnerabilities.In Proceedings of the NDSS, 2006.

[30] A. Weiss. Top 5 security threats in html5. http://www.esecurityplanet.com/trends/article.php/3916381/Top-5-Security-Threats-in-HTML5.htm,October 2011.

[31] D. Whitley. A genetic algorithm tutorial. Statisticsand Computing, 4:65–85, 1993.

[32] C. Whittaker, B. Ryner, and M. Nazif. Large-scaleautomatic classification of phishing pages. InProceedings of the NDSS, 2010.

[33] H. Yung-Tsung, C. Yimeng, C. Tsuhan, L. Chi-Sung,and C. Chia-Mei. Malicious web content detection bymachine learning. Expert Syst. Appl., 37(1):55–60,2010.

359