JSGuard: Shellcode Detection in JavaScript

Authors: Boxuan Gu, Wenbin Zhang, Xiaole Bai, Adam C. Champion, Feng Qin

DOI: 10.1007/978-3-642-36883-7_8

Abstract: JavaScript (JS) based shellcode injections are among the most dangerous attacks to computer systems. Existing approaches have various limitations in detecting such attacks. In this paper, we propose a new detection methodology that overcomes these limitations by fully using JS code execution environment information. We leverage this information and create a virtual execution environment where shellcodes' real behavior can be precisely monitored and redundancy reduced. Following this methodology, we implement JSGuard, a prototype malicious JS code detection system in Debian Linux with kernel version 2.6.26. Our extensive experiments show that JSGuard reports very few false positives and false negatives with acceptable overhead.
