Cujo: Efficient detection and prevention of drive-by-download attacks

Proceedings - Annual Computer Security Applications Conference, ACSAC

Volumn , Issue , 2010, Pages 31-39

  Rieck, Konrad ^a   Krueger, Tammo ^b   Dewald, Andreas ^c  

^a TECHNISCHE UNIVERSITÄT BERLIN   (Germany)

^b FRAUNHOFER FOKUS   (Germany)

^c UNIVERSITY OF MANNHEIM   (Germany)

Author keywords

drive by downloads; dynamic code analysis; machine learning; static code analysis; web security

Indexed keywords

APPLICATION PROGRAMS; ARTIFICIAL INTELLIGENCE; CODES (SYMBOLS); HIGH LEVEL LANGUAGES; LEARNING SYSTEMS; WEB BROWSERS;

CODE ANALYSIS; CORE COMPONENTS; DRIVE-BY DOWNLOADS; DYNAMIC CODE ANALYSE; EFFICIENT DETECTION; JAVASCRIPT LANGUAGE; MACHINE-LEARNING; STATIC CODE ANALYSIS; WEB SECURITY; WEB-PAGE;

WEBSITES;

EID: 78751553658     PISSN: 10639527     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1920261.1920267     Document Type: Conference Paper

References (22)

1. Standard ECMA-262: ECMAScript Language Specification (JavaScript). 3rd Edition, ECMA International, 1999.
2. Symantec Global Internet Security Threat Report: Trends for 2009. Vol. XIV, Symantec, Inc., 2010.
3. A. Aho, R. Sethi, and J. Ullman. Compilers Principles, Techniques, and Tools. Addison-Wesley, 1985.
4. M. Cova, C. Kruegel, and G. Vigna. Detection and analysis of drive-by-download attacks and malicious JavaScript code. In Proc. of the International World Wide Web Conference (WWW), 2010.
5. M. Daniel, J. Honoroff, and C. Miller. Engineering heap overflow exploits with JavaScript. In Proc. of USENIX Workshop on Offensive Technologies (WOOT), 2008.
6. A. Dewald, T. Holz, and F. Freiling. ADSandbox: Sandboxing JavaScript to fight malicious websites. In Proc. of ACM Symposium on Applied Computing (SAC), 2010.
7. M. Egele, E. Kirda, and C. Kruegel. Mitigating drive-by download attacks: Challenges and open problems. In Proc. of Open Research Problems in Network Security Workshop (iNetSec), 2009.
8. M. Egele, P. Wurzinger, C. Kruegel, and E. Kirda. Defending browsers against drive-by downloads: Mitigating heap-spraying code injection attacks. In Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), 2009.
9. R.-E. Fan, K.-W. Chang, C.-J. Hsieh, X.-R. Wang, and C.-J. Lin. LIBLINEAR: A library for large linear classification. Journal of Machine Learning Research, 9:1871-1874, 2008.
10. S. Forrest, S. Hofmeyr, A. Somayaji, and T. Longstaff. A sense of self for Unix processes. In Proc. of IEEE Symposium on Security and Privacy, pages 120-128, Oakland, CA, USA, 1996.
11. M. Johns. On JavaScript malware and related threats - Web page based attacks revisited. Journal in Computer Virology, 4(3):161-178, 2008.
12. E. Kirda, C. Kruegel, G. Vigna, , and N. Jovanovic. Noxes: A client-side solution for mitigating cross site scripting attacks. In Proc. of ACM Symposium on Applied Computing (SAC), 2006.
13. K.-R. Müller, S. Mika, G. Rätsch, K. Tsuda, and B. Schölkopf. An introduction to kernel-based learning algorithms. IEEE Neural Networks, 12(2):181-201, May 2001.
14. J. Nazario. A virtual client honeypot. In Proc. of USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET), 2009.
15. N. Provos, P. Mavrommatis, M. Rajab, and F. Monrose. All your iframes point to us. In Proc. of USENIX Security Symposium, 2008.
16. N. Provos, D. McNamee, P. Mavrommatis, K. Wang, and N. Modadugu. The ghost in the browser: Analysis of web-based malware. In Proc. of USENIX Workshop on Hot Topics in Understanding Botnets (HotBots), 2007.
17. P. Ratanaworabhan, B. Livshits, and B. Zorn. Nozzle: A defense against heap-spraying code injection attacks. Technical Report MSR-TR-2008-176, Microsoft Research, 2008.
18. K. Rieck and P. Laskov. Detecting unknown network attacks using language models. In Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), pages 74-90, July 2006.
19. K. Rieck and P. Laskov. Linear-time computation of similarity measures for sequential data. Journal of Machine Learning Research, 9(Jan):23-48, 2008.
20. B. Schölkopf and A. Smola. Learning with Kernels. MIT Press, Cambridge, MA, 2002.
21. C. Seifert and R. Steenson. Capture - honeypot client (Capture-HPC). Victoria University of Wellington, NZ, https://projects.honeynet.org/capture- hpc, 2006.
22. K.Wang, J. Parekh, and S. Stolfo. Anagram: A content anomaly detector resistant to mimicry attack. In Recent Advances in Intrusion Detection (RAID), pages 226-248, 2006.