Detecting Malicious Javascript in PDF through Document Instrumentation

Authors: Daiping Liu, Haining Wang, Angelos Stavrou

DOI: 10.1109/DSN.2014.92

Keywords: Exploit; Overhead (computing); Unobtrusive JavaScript; Evasion (network security); Computer science; Computer security; JavaScript; Context (language use); Malware; Instrumentation (computer programming)

Abstract: An emerging threat vector, embedded malware inside popular document formats, has become rampant since 2008. Owing to its wide-spread use and Javascript support, PDF has been the primary vehicle for delivering exploits. Unfortunately, existing defenses are limited in effectiveness, vulnerable to evasion, or too computationally expensive to be employed as an on-line protection system. In this paper, we propose a context-aware approach for the detection and confinement of malicious Javascript in PDF. Our approach statically extracts a set of static features and inserts context monitoring code into the document. When the instrumented document is opened, the inserted code will cooperate with our runtime monitor to detect potential infection attempts during Javascript execution. Thus, our detector can identify malicious documents by using both static and runtime features. To validate the effectiveness of our approach in a real world setting, we first conduct a security analysis, showing that our system is able to remain effective and robust against evasion even in the presence of sophisticated adversaries. We implement a prototype of the proposed system and perform extensive experiments on 18623 benign samples and 7370 malicious samples. The evaluation results demonstrate that our approach can accurately detect and confine malicious Javascript in PDF with minor performance overhead.

References (23)
Charlie Curtsinger, Benjamin Livshits, Benjamin Zorn, Christian Seifert. ZOZZLE: Fast and precise in-browser JavaScript malware detection. USENIX Security Symposium, pp. 3-3 (2011).
Kostas G. Anagnostakis, Michalis Polychronakis, Evangelos P. Markatos. An empirical study of real-world polymorphic code injection attacks. USENIX Conference on Large-Scale Exploits and Emergent Threats, pp. 9-9 (2009).
Davide Maiorca, Giorgio Giacinto, Igino Corona. A pattern recognition system for malicious PDF files detection. Machine Learning and Data Mining in Pattern Recognition, vol. 7376, pp. 510-524 (2012). doi:10.1007/978-3-642-31537-4_40
M. Zubair Shafiq, Syed Ali Khayam, Muddassar Farooq. Embedded malware detection using Markov n-grams. International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, pp. 88-107 (2008). doi:10.1007/978-3-540-70542-0_5
Manuel Egele, Peter Wurzinger, Christopher Kruegel, Engin Kirda. Defending browsers against drive-by downloads: Mitigating heap-spraying code injection attacks. Detection of Intrusions and Malware, and Vulnerability Assessment, pp. 88-106 (2009). doi:10.1007/978-3-642-02918-9_6
Engin Kirda, Paolo Milani Comparetti, Christopher Kruegel, Clemens Kolbitsch, Xiaoyong Zhou, XiaoFeng Wang. Effective and efficient malware detection at the end host. USENIX Security Symposium, pp. 351-366 (2009).
Marco Cova, Christopher Kruegel, Giovanni Vigna. Detection and analysis of drive-by-download attacks and malicious JavaScript code. The Web Conference, pp. 281-290 (2010). doi:10.1145/1772690.1772720
Pavel Laskov, Nedim Šrndić. Static detection of malicious JavaScript-bearing PDF documents. Annual Computer Security Applications Conference, pp. 373-382 (2011). doi:10.1145/2076732.2076785
Zacharias Tzermias, Giorgos Sykiotakis, Michalis Polychronakis, Evangelos P. Markatos. Combining static and dynamic analysis for the detection of malicious documents. Proceedings of the Fourth European Workshop on System Security (EUROSEC '11), p. 4 (2011). doi:10.1145/1972551.1972555
Davide Maiorca, Igino Corona, Giorgio Giacinto. Looking at the bag is not enough to find the bomb: An evasion of structural methods for malicious PDF files detection. Computer and Communications Security, pp. 119-130 (2013). doi:10.1145/2484313.2484327