ALICE@Home: Distributed Framework for Detecting Malicious Sites

Citation

Erete, I., Yegneswaran, V., Porras, P. (2009). ALICE@home: Distributed Framework for Detecting Malicious Sites. In: Kirda, E., Jha, S., Balzarotti, D. (eds) Recent Advances in Intrusion Detection. RAID 2009. Lecture Notes in Computer Science, vol 5758. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-04342-0_25

Abstract

Malware silently infects millions of systems every year through drive-by downloads, i.e., client-side exploits against web browsers or browser helper objects that are triggered when unsuspecting users visit a page containing malicious content. Identifying and blacklisting websites that distribute malicious content or redirect to a distributing page is an important part of our defense strategy against such attacks. However, building such lists is fraught with challenges of scale, timeliness and deception due to evasive strategies employed by adversaries. In this work, we describe alice@home, a distributed approach to overcoming these challenges and actively identifying malware distribution sites.

Keywords: Distribution Site, Document Object Model, USENIX Security Symposium, Malicious Content, Malicious Site

View online

Read more from SRI

  • surgeons around a surgical robot

    The SRI research behind today’s surgical robotics

    Intuitive’s da Vinci 5 system represents a major leap in robotic-assisted medicine. It all started at SRI, which continues to advance teleoperation technologies.

  • a collage of digital graphs

    A banner year for quantum

    SRI-managed QED-C’s annual report on quantum trends captures an industry accelerating rapidly from technical promise toward major global impact.

  • ICE Cube containing SRI’s aerogel experiment, photographed prior to launch. Source: Aerospace Applications North America

    An SRI carbon capture experiment launches into space

    By synthesizing carbon-absorbing aerogels in microgravity, SRI research will give us a rare glimpse into how these materials could be radically improved.