Check out the new USENIX Web site.


Impact of browsing habits

In order to examine the impact of users' browsing habits on their exposure to exploitation via drive-by downloads, we measure the prevalence of malicious websites across the different website functional categories based on the DMOZ classification [1]. Using a large random sample of about $ 7.2$ million URLs , we first map each URL to its corresponding DMOZ category. We were able to find the corresponding DMOZ categories for about 50% of these URLsThis mapping is readily available at Google.. We further inspect each URL through our indepth verification system then measure the percentage of malicious URLs in each functional category. Figure 4 shows the prevalence of detected malicious and suspicious websites in each top level DMOZ category.

As the graph illustrates, website categories associated with ``gray content'' (e.g., adult websites) show a stronger connection to malicious content. For instance, about 0.6% of the URLs in the Adult category exhibited drive-by download activity upon visiting these websites. These results suggest that users who browse such websites will likely be more exposed to exploitation compared to users who browse websites from the other functional categories. However, an important observation from the same figure is that the distribution of malicious websites is not significantly skewed toward pages that serve gray content. In fact, the distribution shows that malicious websites are generally present in all website categories we observed. Overall, these results show that while ``safe browsing'' habits may limit users' exposure to drive-by downloads it does not provide an effective safeguard against exploitation.

Figure 4: Prevalence of suspicious and malicious pages.
\includegraphics[width=3in]{graphs/hist-category-prevalence.eps}
Niels Provos 2008-05-13