BLACKLISTING OF MALICIOUS WEB PAGES BY EVALUATION OF DOMAIN REGISTRATION INFORMATION

Malicious web pages that host drive by download exploits have become a popular means by which an attacker delivers malicious contents onto computers across the internet. As a result of the increase in drive by download attack, researchers have developed systems to detect andstop such attacks. Blacklisting and in particular URL blacklisting is one main methods. URL blacklisting are however prone to evasion attacks when the lexical structure of the URL changes. In this paper, we propose the usage of domain related information for the detection of drive by download web pages. These domain features are used to model a scoring mechanism classification system. We show the effectiveness of detecting malicious web pages using domain basedby obtaining a high detection rateand a relatively low false negative.