A simple client-side defense against environment-dependent web-based malware

Authors: Gen Lu, Karan Chadha, Saumya Debray

DOI: 10.1109/MALWARE.2013.6703694

Keywords: Computer security, Client-side, JavaScript, Cryptovirology, PATH (variable), Code (cryptography), Web threat, Computer science, Detector, Malware

Abstract: Web-based malware tends to be environment-dependent, which poses a significant challenge for defending against web-based attacks: the malicious code may be exposed and activated only under specific environmental conditions, such as a particular browser version, and so may never be triggered during analysis. This paper proposes a simple client-side approach for defending against environment-dependent malware. Instead of increasing analysis coverage in the detector, the goal of this technique is to ensure that the client takes the same execution path as the one examined by the detector. Designed to work alongside a detector, it can handle cases that existing multi-path exploration techniques cannot, and it provides an efficient way to identify discrepancies between a JavaScript program's behavior in the user's environment and its behavior in the sandboxed detector, thereby catching false negatives caused by environmental dependencies. Experiments show that the technique effectively detects discrepancies of various forms, including those seen in real-world malware.
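The abstract's core idea, a detector recording the execution path it examined and the client checking whether the script follows the same path in the user's environment, is illustrated below with an added example. This is not the paper's implementation or code: the suspect script is hand-instrumented with a `branch(id, cond)` recorder (the paper's approach works on unmodified pages), and the `env` objects, user-agent strings, branch identifiers and helper names are constructed assumptions. The script models the pattern described in the abstract, a payload stage that only runs for a specific browser version, which a sandbox running a different version never reaches.

```javascript
// Added example, not code from the paper. Runs stand-alone under Node.js.
// An environment-dependent script, instrumented so that each conditional's
// outcome is recorded via branch(id, cond). Assumed identifiers, not real samples.
function suspectScript(env, branch) {
  const m = /Firefox\/(\d+)/.exec(env.userAgent);
  const version = m ? Number(m[1]) : -1;
  // Stage only reached on the targeted browser version (constructed value 17).
  if (branch("b1", version === 17)) {
    return "payload";          // in a real sample: the exploit stage
  }
  // Second environment check: a plugin the sandbox does not expose.
  if (branch("b2", env.plugins.includes("Java"))) {
    return "payload-java";
  }
  return "benign";
}

// Run a script once and return both its result and the sequence of branch
// outcomes it took. The detector and the client both use this same recorder.
function runWithTrace(script, env) {
  const trace = [];
  const branch = (id, cond) => {
    trace.push(id + ":" + (cond ? 1 : 0));
    return cond;
  };
  const result = script(env, branch);
  return { result, trace };
}

// Compare the path seen in the user's environment with the path the detector
// examined. Returns null when they agree, otherwise the first divergence.
function findDiscrepancy(detectorTrace, clientTrace) {
  const n = Math.max(detectorTrace.length, clientTrace.length);
  for (let i = 0; i < n; i++) {
    if (detectorTrace[i] !== clientTrace[i]) {
      return {
        index: i,
        detector: i < detectorTrace.length ? detectorTrace[i] : null,
        client: i < clientTrace.length ? clientTrace[i] : null,
      };
    }
  }
  return null;
}

// Constructed environments (assumptions for the example, not real fingerprints).
const sandboxEnv = {
  userAgent: "Mozilla/5.0 (X11; Linux x86_64; rv:20.0) Gecko/20100101 Firefox/20.0",
  plugins: [],
};
const userEnvSame = {
  userAgent: "Mozilla/5.0 (X11; Linux x86_64; rv:20.0) Gecko/20100101 Firefox/20.0",
  plugins: [],
};
const userEnvVuln = {
  userAgent: "Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0",
  plugins: ["Java"],
};

// Detector side: record the path taken in the sandbox. Client side: re-run in
// the user's environment and flag any point where the two paths diverge.
function checkClient(userEnv) {
  const detector = runWithTrace(suspectScript, sandboxEnv);
  const client = runWithTrace(suspectScript, userEnv);
  return {
    detectorResult: detector.result,
    clientResult: client.result,
    discrepancy: findDiscrepancy(detector.trace, client.trace),
  };
}

if (typeof require !== "undefined" && require.main === module) {
  console.log(JSON.stringify(checkClient(userEnvSame)));  // no discrepancy
  console.log(JSON.stringify(checkClient(userEnvVuln)));  // diverges at b1
}
```

In the matching environment the client reproduces the detector's trace and the verdict stands. In the targeted environment the very first branch diverges, which is exactly the false negative the abstract describes: the sandbox classified the script as benign because it never observed the payload stage. A real deployment has to instrument the page automatically (including code produced by `eval` and `document.write`) and ship the detector's trace alongside the verdict, which this hand-instrumented example does not attempt.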
