IceShield: Detection and mitigation of malicious websites with a frozen DOM

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 6961 LNCS, Issue , 2011, Pages 281-300

  Heiderich, Mario ^a   Frosch, Tilman ^a   Holz, Thorsten ^a  

^a RUHR UNIVERSITY BOCHUM   (Germany)

Author keywords

[No Author keywords available]

Indexed keywords

CODE ANALYSIS; COMPUTING POWER; DEFENSE MECHANISM; DETECTION PROCESS; DYNAMIC CHARACTER; IN-LINE; JAVASCRIPT; MALICIOUS ACTIVITIES; OBJECT PROPERTY; PROTOTYPE VERSIONS; RUNTIMES; SCRIPTING LANGUAGES; SMARTPHONES; TAMPER RESISTANT;

CODES (SYMBOLS); HIGH LEVEL LANGUAGES; INTRUSION DETECTION; JAVA PROGRAMMING LANGUAGE;

DYNAMIC ANALYSIS;

EID: 84857273448     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-642-23644-0_15     Document Type: Conference Paper

References (38)

1. Provos, N., Mavrommatis, P., Rajab, M.A., Monrose, F.: All your iFRAMEs point to us. In: USENIX Security Symposium (2008)
2. Kirda, E., Kruegel, C., Vigna, G., Jovanovic, N.: Noxes: A client-side solution for mitigating Cross-Site scripting attacks. In: ACM Symposium on Applied Computing, SAC (2006)
3. Martin, M., Lam, M.S.: Automatic generation of XSS and SQL injection attacks with Goal-Directed model checking. In: USENIX Security Symposium (2008)
4. Wassermann, G., Su, Z.: Static detection of Cross-Site scripting vulnerabilities. In: International Conference on Software Engineering, ICSE (2008)
5. Balduzzi, M.: New insights into clickjacking. In: OWASP AppSec Research (2010)
6. Cova, M., Kruegel, C., Vigna, G.: Detection and analysis of drive-by-download attacks and malicious JavaScript code. In: 19th International Conference on World Wide Web (2010)
7. Rieck, K., Krueger, T., Dewald, A.: Cujo: Efficient Detection and Prevention of Drive-by-Download Attacks. In: Annual Computer Security Applications Conference, ACSAC (2010)
8. Guarnieri, S., Livshits, B.: GATEKEEPER: Mostly Static Enforcement of Security and Reliability Policies for JavaScript Code. In: USENIX Security Symposium (2009)
9. Miller, M.S., Samuel, M., Laurie, B., Awad, I., Stay, M.: Caja - safe active content in sanitized javascript (2007), http://code.google.com/p/google- caja/
10. Wang, H.J., Grier, C., Moshchuk, A., King, S.T., Choudhury, P., Venter, H.: The Multi-Principal OS Construction of the Gazelle Web Browser. In: USENIX Security Symposium (2009)
11. Mozilla: String - MDC (2011), https://developer.mozilla.org/en/Core JavaScript 1.5 Reference/Global Objects/String#Methods 2
12. Heyes, G.: Polymorphic javascript (2010), http://www.thespanner.co.uk/ 2008/02/27/polymorphic-javascript/
13. Song, Y., Locasto, M.E., Stavrou, A., Keromytis, A.D., Stolfo, S.J.: On the infeasibility of modeling polymorphic shellcode. Mach. Learn. 81 (2010)
14. Oberheide, J., Cooke, E., Jahanian, F.: CloudAV: N-Version Antivirus in the Network Cloud. In: USENIX Security Symposium (2008)
15. Barth, A.: Bug 29278 XSSAuditor bypasses from sla.ckers.org (2009), https://bugs.webkit.org/show-bug.cgi?id=29278
16. Kouzemchenko, A.: Examining and bypassing the IE8 XSS filter (2009), http://www.slideshare.net/kuza55/examining-the-ie8-xss-filter
17. Father, H.: Hooking Windows API - Technics of Hooking API functions on Windows. The CodeBreakers Journal 1 (2004)
18. Willems, C., Holz, T., Freiling, F.: CWSandbox: Towards Automated Dynamic Binary Analysis. IEEE Security and Privacy 5 (2007)
19. Mozilla: defineProperty - MDC (2011), https://developer.mozilla.org/en/ JavaScript/Reference/Global Objects/Object/defineProperty
20. Mozilla: defineProperties - MDC (2011), https://developer.mozilla.org/en/ JavaScript/Reference/Global Objects/Object/defineProperties
21. Mozilla: window.location - MDC (2011), https://developer.mozilla.org/en/ window.location
22. Mozilla: document.URL - MDC (2010), https://developer.mozilla.org/en/ document.URL
23. Hastie, T., Tibshirani, R., Friedman, R.: Linear discriminant analysis. In: The Elements of Statistical Learning, p. 84. Springer, Heidelberg (2001)
24. W3C: Client-side scripting techniques for WCAG 2.0 (2004), http://www.w3.org/TR/2004/WD-WCAG20-SCRIPT-TECHS-20041119/
25. Masinter, L.: RFC 2397 - the "data" URL scheme (1998)
26. Mozilla: Gecko - MDC (2011), https://developer.mozilla.org/en/Gecko
27. Mozilla: Gecko-Specific DOM events - MDC (2011), https://developer. mozilla.org/en/Gecko-Specific-DOM-Events
28. Nava, E.V.: ACS - active content signatures. PST WEBZINE 0X04 (2006)
29. Phung, P.H., Sands, D., Chudnov, A.: Lightweight Self-Protecting javascript. In: ACM Symposium on Information, Computer and Communications Security (ASIACCS) (March 2009)
30. Johns, M.: Code Injection Vulnerabilities in Web Applications - Exemplified at Cross-site Scripting. PhD thesis. University of Passau, Passau (2009)
31. Deiters, M.: Aspect-Oriented programming (2010), http://msdn.microsoft. com/en-us/library/aa288717(VS.71).aspx
32. Barth, A., Felt, A.P., Saxena, P., Boodman, A.: Protecting browsers from extension vulnerabilities. In: Proc. of the 17th Network and Distributed System Security Symposium (2009), http://www.adambarth.com/papers/2010/barth-felt- saxena-boodman.pdf
33. Naraine, R.: Drive-by downloads. the web under siege - securelist (2009), http://www.securelist.com/en/analysis?pubid=204792056
34. OWASP: Enterprise security API (2011), http://www.owasp.org/index.php/ Category:OWASP-Enterprise-Security-API
35. Alexa, the Web Information Company: Top 1,000,000 Sites (2010), http://www.alexa.com/topsites
36. Malware Domain List (2010), http://www.malwaredomainlist.com/mdlcsv.php
37. Curtsinger, C., Livshits, B., Zorn, B., Seifert, C.: Zozzle: Fast and Precise In- Browser JavaScript Malware Detection. In: USENIX Security Symposium (2011)
38. Wang, Y.M., Beck, D., Jiang, X., Roussev, R., Verbowski, C., Chen, S., King, S.T.: Automated Web Patrol with Strider HoneyMonkeys: Finding Web Sites That Exploit Browser Vulnerabilities. In: Network and Distributed System Security Symposium, NDSS (2006)