Weaknesses in defenses against web-borne malware

Authors: Gen Lu, Saumya Debray

DOI: 10.1007/978-3-642-39235-1_8

Keywords: Obfuscation (software), World Wide Web, Computer security, JavaScript, Malware, Code generation, Emulation, Computer science, Code (cryptography), String (computer science), Exploit

Abstract: Web-based mechanisms, often mediated by malicious JavaScript code, play an important role in malware delivery today, making defenses against web-borne malware crucial for system security. This paper explores weaknesses in existing approaches to the detection of malicious JavaScript code. These approaches generally fall into two categories: lightweight techniques focusing on syntactic features such as string obfuscation and dynamic code generation, and heavier-weight approaches that look deeper at semantic characteristics such as the presence of shellcode-like strings or the execution of exploit code. We show that each of these approaches has its weaknesses, and that state-of-the-art detectors using them can be defeated by cloaking techniques that combine emulation with anti-analysis checks. Our goal is to promote a discussion in the research community of robust defensive techniques rather than ad-hoc solutions.

References (28)

Charlie Curtsinger, Benjamin Livshits, Benjamin Zorn, Christian Seifert. ZOZZLE: fast and precise in-browser JavaScript malware detection. USENIX Security Symposium, pp. 3-3 (2011).

Wenke Lee, Monirul I. Sharif, Andrea Lanzi, Jonathon T. Giffin. Impeding Malware Analysis Using Conditional Code Obfuscation. Network and Distributed System Security Symposium, pp. 1-13 (2008).

Rolf Rolles. Unpacking virtualization obfuscators. WOOT'09: Proceedings of the 3rd USENIX Conference on Offensive Technologies, pp. 1-1 (2009).

Panayiotis Mavrommatis, Niels Provos, Dean McNamee, Nagendra Modadugu, Ke Wang. The ghost in the browser: analysis of web-based malware. Conference on Workshop on Hot Topics in Understanding Botnets, pp. 4-4 (2007).

David Brumley, Cody Hartwig, Zhenkai Liang, James Newsome, Dawn Song, Heng Yin. Automatically Identifying Trigger-based Behavior in Malware. Botnet Detection, pp. 65-88 (2008). DOI: 10.1007/978-0-387-68768-1_4

Paruj Ratanaworabhan, Benjamin Livshits, Benjamin Zorn. NOZZLE: a defense against heap-spraying code injection attacks. USENIX Security Symposium, pp. 169-186 (2009).

Henry M. Levy, Alexander Moshchuk, Steven D. Gribble, Tanya Bragin, Damien Deville. SpyProxy: execution-based detection of malicious web content. USENIX Security Symposium, pp. 3- (2007).

Peter Sestoft, Neil D. Jones, Carsten K. Gomard. Partial evaluation and automatic program generation (1993).

Manuel Egele, Peter Wurzinger, Christopher Kruegel, Engin Kirda. Defending Browsers against Drive-by Downloads: Mitigating Heap-Spraying Code Injection Attacks. Detection of Intrusions and Malware, and Vulnerability Assessment, pp. 88-106 (2009). DOI: 10.1007/978-3-642-02918-9_6

Marco Cova, Christopher Kruegel, Giovanni Vigna. Detection and analysis of drive-by-download attacks and malicious JavaScript code. The Web Conference, pp. 281-290 (2010). DOI: 10.1145/1772690.1772720