Abstract
It has been claimed thatmany security breaches are often caused by vulnerable (näive) employees within the organization [Ponemon Institute LLC 2015a]. Thus, the weakest link in security is often not the technology itself but rather the people who use it [Schneier 2003]. In this article, we propose a machine learning scheme for detecting risky webpages and risky browsing behavior, performed by näive users in the organization. The scheme analyzes the interaction between two modules: one represents näive users, while the other represents risky webpages. It implements a feedback loop between these modules such that if a webpage is exposed to a lot of traffic from risky users, its "risk score" increases, while in a similar manner, as the user is exposed to risky webpages (with a high "risk score"), his own "risk score" increases. The proposed scheme is tested on a real-world dataset of HTTP logs provided by a large American toolbar company. The results suggest that a feedback learning process involving webpages and users can improve the scoring accuracy and lead to the detection of unknown malicious webpages.
| Original language | English |
|---|---|
| Article number | 2928274 |
| Journal | ACM Transactions on Intelligent Systems and Technology |
| Volume | 8 |
| Issue number | 4 |
| DOIs | |
| State | Published - May 2017 |
| Externally published | Yes |
Keywords
- Link-based ranking algorithms
- Machine learning
- Malware detection
- Naïve user behavior
- Spectral clustering
All Science Journal Classification (ASJC) codes
- Theoretical Computer Science
- Artificial Intelligence