Analyzing and defending against web-based malware

ACM Computing Surveys

Volumn 45, Issue 4, 2013, Pages

  Chang, Jian ^a   Venkatasubramanian, Krishna K ^a   West, Andrew G ^a   Lee, Insup ^a  

^a UNIVERSITY OF PENNSYLVANIA   (United States)

Author keywords

Web based malware

Indexed keywords

COMPUTER SYSTEM FIREWALLS; COMPUTER VIRUSES; INTRUSION DETECTION; NETWORK SECURITY; SURVEYS; TESTING; WEBSITES;

AS DISTRIBUTION; CYBER-CRIMES; DISTRIBUTION CHANNEL; FIREWALL DETECTION; INTERNET SECURITY; INTRUSION DETECTION SYSTEMS; MALWARES; SECURITY TECHNOLOGY; THREE CATEGORIES; WEB-BASED MALWARE;

CYBERSECURITY;

EID: 84885193039     PISSN: 03600300     EISSN: 15577341     Source Type: Journal    
DOI: 10.1145/2501654.2501663     Document Type: Article

References (113)

1. AHO, A. V., SETHI, R., AND ULLMAN, J. D. 1986. Compilers: Principles, Techniques, and Tools. Addison-Wesley Longman Publishing, Boston, MA.
2. AKRITIDIS, P.,MARKATOS, E., POLYCHRONAKIS, M., AND ANAGNOSTAKIS, K. 2005. Stride: Polymorphic sled detection through instruction sequence analysis. In Proceedings of the 20thIFIP International Conference on Security and Privacy in the Age of Ubiquitous Computing. R. Sasaki, S. Qing, E. Okamoto, and H. Yoshiura, Eds., Springer, 375-391.
3. ANTONAKAKIS, M., PERDISCI, R., DAGON, D., LEE, W., AND FEAMSTER, N. 2010. Building a dynamic reputation system for DNS. In Proceedings of the 19th USENIX Security Symposium.
4. BAI, Y. AND KOBAYASHI, H. 2003. Intrusion detection systems: Technology and development. In Proceedings of the 17th International Conference on Advanced Information Networking and Applications (AINA'03). 710-715.
5. BAILEY, M., COOKE, E., JAHANIAN, F., XU, Y., AND KARIR, M. 2009. A survey of botnet technology and defenses. In Proceedings of the Cybersecurity Applications and Technology Conference for Homeland Security (CATCH'09). 299-304.
6. BAILEY, M.,OBERHEIDE, J.,ANDERSEN, J.,MAO, Z. M., JAHANIAN, F., AND NAZARIO, J. 2007. Automated classification and analysis of internetmalware. In Proceedings of the 10th International Conference on Recent Advances in Intrusion Detection (RAID'07). Springer, 178-197.
7. BALDUZZI, M., GIMENEZ, C. T., BALZAROTTI, D., AND KIRDA, E. 2011. Automated discovery of parameter pollution vulnerabilities in web applications. In Proceedings of the 18th Annual Network and Distributed System Security Symposium (NDSS'11).
8. BALZAROTTI, D., COVA, M., FELMETSGER, V., JOVANOVIC, N., KIRDA, E., KRUEGEL, C., AND VIGNA, G. 2008. Saner: Composing static and dynamic analysis to validate sanitization in web applications. In Proceedings of the IEEE Symposium on Security and Privacy. IEEE Computer Society, Los Alamitos, CA, 387-401.
9. BAU, J.,BURSZTEIN, E.,GUPTA, D., ANDMITCHELL, J. 2010. State of the art: Automated black-box web application vulnerability testing. In Proceedings of the IEEE Symposium on Security and Privacy (SP'10). IEEE Computer Society, Los Alamitos, CA, 332-345.
10. BECK, D., VO, B., AND VERBOWSKI, C. 2005. Detecting stealth software with strider ghostbuster. In Proceedings of the International Conference on Dependable Systems and Networks (DSN'05). IEEE Computer Society, Los Alamitos, CA, 368-377.
11. BILGE, L.,KIRDA, E.,KRUEGEL, C., AND BALDUZZI, M. 2011. Exposure: Finding malicious domains using passive dns analysis. In Proceedings of the 18th Annual Network and Distributed System Security Symposium (NDSS'11).
12. BIND VULNERABILITIES. 1998. Multiple vulnerabilities in bind. ftp://info.cert.org/pub/certadvisories/CA-98.05.bindproblems.
13. BINSALLEEH, H., ORMEROD, T., BOUKHTOUTA, A., SINHA, P., YOUSSEF, A., DEBBABI, M., AND WANG, L. 2010. On the analysis of the zeus botnet crimeware toolkit. In Proceedings of the 8th Annual International Conference on Privacy, Security and Trust (PST'10). 31-38.
14. CHANG, J.,VENKATASUBRAMANIAN, K.,WEST, A. G.,KANNAN, S., SOKOLSKY, O.,KIM, M. J., AND LEE, I. 2011. Tomato: A trustworthy code mashup development tool. In Proceedings of the 5th International Workshop on Web APIs and Service Mashups (MASHUPS'11).
15. CHRISTODORESCU, M., JHA, S.,MAUGHAN, D., SONG, D., AND WANG, C. 2007. Malware Detection. Springer.
16. CHROME MALWARE. 2010. New drive-by attack targets google chrome users. http://downloadsquad.switched.com/2010/04/20/new-drive-by-attack-targets-google- chrome-users/.
17. CHUGH, R.,MEISTER, J. A., JHALA, R., AND LERNER, S. 2009. Staged information ow for javascript. In Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI'09). ACM Press, New York, 50-62.
18. COVA, M., KRUEGEL, C., AND VIGNA, G. 2010a. Detection and analysis of drive-by-download attacks and malicious javascript code. In Proceedings of the 19th International Conference on World Wide Web (WWW'10). ACM Press, New York, 281-290.
19. COVA, M., LEITA, C., THONNARD, O., KEROMYTIS, A., AND DACIER, M. 2010b. An analysis of rogue av campaigns. In Proceedings of the 13th International Conference on Recent Advances in Intrusion Detection. S. Jha, R. Sommer, and C. Kreibich, Eds., Lecture Notes in Computer Science, vol. 6307, Springer, 442-463.
20. COX, R. S.,GRIBBLE, S. D.,LEVY, H. M., AND HANSEN, J. G. 2006. A safety-oriented platform for web applications. In Proceedings of the IEEE Symposium on Security and Privacy. IEEE Computer Society, Los Alamitos, CA, 350-364.
21. CRITES, S., HSU, F., AND CHEN, H. 2008. Omash: Enabling secure web mashups via object abstractions. In Proceedings of the 15th ACM Conference on Computer and Communications Security (CCS'08). ACM Press, New York, 99-108.
22. CURTSINGER, C., LIVSHITS, B., ZORN, B., AND SEIFERT, C. 2010. Zozzle: Low-overhead mostly static javascript malware detection. Tech. rep. MSR-TR-2010-156, Microsoft Research.
23. DANIEL, M., HONOROFF, J., AND MILLER, C. 2008. Engineering heap overow exploits with javascript. In Proceedings of the 2nd Conference on USENIX Workshop on Offensive Technologies. USENIX Association, Berkeley, CA, 1:1-1:6.
24. DASIENT REPORT. 2010. Dasient q3 malware update: Web-based malware infections double since last year, malvertising attacks continue over summer. http://blog.dasient.com/2010/11/normal.html.
25. FEILY, M., SHAHRESTANI, A., AND RAMADASS, S. 2009. A survey of botnet and botnet detection. In Proceedings of the 3rd International Conference on Emerging Security Information, Systems and Technologies (SECURWARE'09). 268-273.
26. FEINSTEIN, B. AND PECK, D. 2007. Caffeine monkey: Automated collection, detection and analysis of malicious javascript. In Proceedings of BlackHat USA. https://www.blackhat.com/presentations/bh-usa-07/Feinstein and Peck/Whitepaper/bh-usa-07-feinstein and peck-WP.pdf.
27. FLEIZACH, C., LILJENSTAM, M., JOHANSSON, P., VOELKER, G. M., AND MEHES, A. 2007. Can you infect me now? Malware propagation in mobile phone networks. In Proceedings of the ACM Workshop on Recurring Malcode (WORM'07). ACM Press, New York, 61-68.
28. GANESH, V., LEEK, T., AND RINARD, M. 2009. Taint-based directed whitebox fuzzing. In Proceedings of the 31st International Conference on Software Engineering (ICSE'09). IEEE Computer Society, Los Alamitos, CA, 474-484.
29. GARETTO, M., GONG, W., AND TOWSLEY, D. 2003. Modeling malware spreading dynamics. In Proceedings of the 22nd Annual Joint Conference of the IEEE Computer and Communications Societies (INFOCOM'03). IEEE 1869-1879.
30. GARFINKEL, S. AND SPAFFORD, G. 2001. Web Security, Privacy and Commerce 2nd Ed. O'Reilly and Associates, Sebastopol, CA.
31. GENEIATAKIS, D., DAGIUKLAS, T., KAMBOURAKIS, G., LAMBRINOUDAKIS, C., GRITZALIS, S., EHLERT, S., AND SISALEM, D. 2006. Survey of security vulnerabilities in session initiation protocol. IEEE Comm. Surv. Tutorials 8, 68-81.
32. GOOGLE SAFE BROWSING PROJECT. 2011. Google safe browsing api homepage. http://code.google.com/apis/safebrowsing/.
33. GOOGLE WEB INDEX. 2008. We knew the web was big. http://googleblog. blogspot.com/2008/07/we-knew-webwas-big.html.
34. GRIER, C., TANG, S., AND KING, S. T. 2008. Secure web browsing with the op web browser. In Proceedings of the IEEE Symposium on Security and Privacy. IEEE Computer Society, Los Alamitos, CA, 402-416.
35. GUARNIERI, S. AND LIVSHITS, B. 2009. Gatekeeper: Mostly static enforcement of security and reliability policies for javascript code. In Proceedings of the 18th Conference on USENIX Security Symposium (SSYM'09). USENIX Association, Berkeley, CA, 151-168.
36. GULLI, A. AND SIGNORINI, A. 2005. The indexable web is more than 11.5 billion pages. In Proceedings of the Special Interest Tracks and Posters of the 14th International Conference on World Wide Web (WWW'05). ACM Press, New York, 902-903.
37. HALFOND, W. G., VIEGAS, J., AND ORSO, A. 2006. A classification of sql-injection attacks and countermeasures. In Proceedings of the IEEE International Symposium on Secure Software Engineering.
38. HOSSEINPOUR, F., BAKAR, K.,HARDOROUDI, A., AND KAZAZI, N. 2010. Survey on artificial immune system as a bioinspired technique for anomaly based intrusion detection systems. In Proceedings of the 2nd International Conference on Intelligent Networking and Collaborative Systems (INCOS'10). 323-324.
39. HUANG, Y.-W., YU, F., HANG, C., TSAI, C.-H., LEE, D.-T., AND KUO, S.-Y. 2004. Securing web application code by static analysis and runtime protection. In Proceedings of the 13th International Conference on World Wide Web (WWW'04). ACM Press, New York, 40-52.
40. IDIKA, N. ANDMATHUR, A. P. 2010. A survey ofmalware detection techniques. Tech. rep. 286, Purdue University, Department of Computer Science. http://www.internetworldstats.com/stats.htm.
41. JACKSON, C. AND WANG, H. J. 2007. Subspace: Secure cross-domain communication for web mashups. In Proceedings of the 16th International Conference on World Wide Web (WWW'07). ACM Press, New York, 611-620.
42. JACOB, G., DEBAR, H., AND FILIOL, E. 2008. Behavioral detection of malware: From a survey towards an established taxonomy. J. Comput. Virol. 4, 251-266.
43. JAIN, S., SHAFIQUE, F., DJERIC, V., AND GOEL, A. 2008. Application-level isolation and recovery with solitude. In Proceedings of the 3rd ACM SIGOPS/EuroSys European Conference on Computer Systems (Eurosys'08). ACM Press, New York, 95-107.
44. JIM, T., SWAMY, N., AND HICKS, M. 2007. Defeating script injection attacks with browser-enforced embedded policies. In Proceedings of the 16th International Conference on World Wide Web (WWW'07). ACM Press, New York, 601-610.
45. JOSHI, A., KING, S. T., DUNLAP, G. W., AND CHEN, P. M. 2005. Detecting past and present intrusions through vulnerability-specific predicates. In Proceedings of the 20th ACM Symposium on Operating Systems Principles (SOSP'05). ACM Press, New York, 91-104.
46. JOVANOVIC, N., KRUEGEL, C., AND KIRDA, E. 2006a. Pixy: A static analysis tool for detecting web application vulnerabilities (short paper). In Proceedings of the IEEE Symposium on Security and Privacy. IEEE Computer Society, Los Alamitos, CA, 258-263.
47. JOVANOVIC, N., KRUEGEL, C., AND KIRDA, E. 2006b. Precise alias analysis for static detection of web application vulnerabilities. In Proceedings of the Workshop on Programming Languages and Analysis for Security (PLAS'06). ACM Press, New York, 27-36.
48. KANICH, C., KREIBICH, C., LEVCHENKO, K., ENRIGHT, B., VOELKER, G. M., PAXSON, V., AND SAVAGE, S. 2008. Spamalytics: An empirical analysis of spam marketing conversion. In Proceedings of the 15th ACM Conference on Computer and Communications Security (CCS'08). 3-14.
49. KIRDA, E., KRUEGEL, C., VIGNA, G., AND JOVANOVIC, N. 2006. Noxes: A client-side solution for mitigating crosssite scripting attacks. In Proceedings of the ACM Symposium on Applied Computing (SAC'06). ACM Press, New York, 330-337.
50. KRUEGEL, C. AND VIGNA, G. 2003. Anomaly detection of web-based attacks. In Proceedings of the 10th ACM Conference on Computer and Communications Security (CCS'03). ACM Press, New York, 251-261.
51. LAM, M. S.,MARTIN, M., LIVSHITS, B., AND WHALEY, J. 2008. Securing web applications with static and dynamic information flow tracking. In Proceedings of the ACM SIGPLAN Symposium on Partial Evaluation and Semantics-Based Program Manipulation (PEPM'08). ACM Press, New York, 3-12.
52. LAWTON, G. 2007. Web 2.0 creates security challenges. Comput. 40, 10, 13-16.
53. LI, C., JIANG, W., AND ZOU, X. 2009. Botnet: Survey and case study. In Proceedings of the 4th International Conference on Innovative Computing, Information and Control (ICICIC'09). 1184-1187.
54. LI, P., SALOUR, M., AND SU, X. 2008. A survey of internet worm detection and containment. IEEE Comm. Surv. Tutorials 10, 1, 20-35.
55. LI, Z., TANG, Y., CAO, Y., RASTOGI, V., CHEN, Y., AND LIU, B. 2011. Webshield: Enabling various web defense techniques without client side modifications. In Proceedings of the 18th Annual Network and Distributed System Security Symposium (NDSS'11).
56. LIN, K.-J. 2007. Building web 2.0. Comput. 40, 5, 101-102.
57. LU, L.,YEGNESWARAN, V.,PORRAS, P., AND LEE,W. 2010. Blade: An attack-agnostic approach for preventing driveby malware infections. In Proceedings of the 17th ACM Conference on Computer and Communications Security (CCS'10). ACM Press, New York, 440-450.
58. LUNT, T. F. 1993. A survey of intrusion detection techniques. Comput. Secur. 12, 4, 405-418.
59. MA, J., SAUL, L. K., SAVAGE, S., AND VOELKER, G. M. 2009. Beyond blacklists: Learning to detect malicious websites from suspicious urls. In Proceedings of the 15th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining (KDD'09). ACM Press, New York, 1245-1254.
60. MAGAZINIUS, J., ASKAROV, A., AND SABELFELD, A. 2010. A lattice-based approach to mashup security. In Proceedings of the 5th ACMSymposium on Information, Computer and Communications Security (ASIACCS'10). ACM Press, New York, 15-23.
61. MARHUSIN, M., CORNFORTH, D., AND LARKIN, H. 2008. An overview of recent advances in intrusion detection. In Proceedings of the 8th IEEE International Conference on Computer and Information Technology (CIT'08). 432-437.
62. MOSER, A., KRUEGEL, C., AND KIRDA, E. 2007. Exploring multiple execution paths for malware analysis. In Proceedings of the IEEE Symposium on Security and Privacy (SP'07). IEEE Computer Society, Los Alamitos, CA, 231-245.
63. MOSHCHUK, A., BRAGIN, T., DEVILLE, D., GRIBBLE, S. D., AND LEVY, H. M. 2007. Spyproxy: Execution-based detection of malicious web content. In Proceedings of the 16th USENIX Security Symposium. USENIX Association, Berkeley, CA, 3:1-3:16.
64. MOSHCHUK, E., BRAGIN, T.,GRIBBLE, S. D., AND LEVY, H. M. 2006. A crawler-based study of spyware on the web. In Proceedings of Network and Distributed System Security Symposium (NDSS'06).
65. MOTOYAMA, M., LEVCHENKO, K., KANICH, C., MCCOY, D., VOELKER, G. M., AND SAVAGE, S. 2010. Re: Captchas: Understanding captcha-solving services in an economic context. In Proceedings of the 19th USENIX Conference on Security. USENIX Association, Berkeley, CA, 28-28.
66. MUKHERJEE, B., HEBERLEIN, L., AND LEVITT, K. 1994. Network intrusion detection. IEEE Netw. 8, 3, 26-41.
67. MURALI, A. AND RAO, M. 2005. A survey on intrusion detection approaches. In Proceedings of the 1st International Conference on Information and Communication Technologies (ICICT'05). 233-240.
68. NAZARIO, J. 2009. Phoneyc: A virtual client honeypot. In Proceedings of the 2nd USENIX Conference on Large-Scale Exploits and Emergent Threats: Botnets, Spyware, Worms, and More (LEET'09). USENIX Association, Berkeley, CA, 6-6.
69. ORMEROD, T.,WANG, L.,DEBBABI, M.,YOUSSEF, A.,BINSALLEEH, H.,BOUKHTOUTA, A., AND SINHA, P. 2010. Defaming botnet toolkits: A bottom-up approach to mitigating the threat. In Proceedings of the 1st International Conference on Emerging Security Information Systems and Technologies (SECURWARE'10). 195-200.
70. PENG, T., LECKIE, C., AND RAMAMOHANARAO, K. 2007. Survey of network-based defense mechanisms countering the dos and ddos problems. ACM Comput. Surv. 39, 1.
71. POLYCHRONAKIS, M., ANAGNOSTAKIS, K. G., AND MARKATOS, E. P. 2007. Emulation-based detection of non-selfcontained polymorphic shellcode. In Proceedings of the 10th International Conference on Recent Advances in Intrusion Detection (RAID'07). Springer, 87-106.
72. POLYCHRONAKIS, M., MAVROMMATIS, P., AND PROVOS, N. 2008. Ghost turns zombie: exploring the life cycle of web-based malware. In Proceedings of the 1st USENIX Workshop on Large-Scale Exploits and Emergent Threats. USENIX Association, Berkeley, CA, 11:1-11:8.
73. PROVOS, N.,MAVROMMATIS, P., RAJAB, M. A., AND MONROSE, F. 2008. All your iframes point to us. In Proceedings of the USENIX Security Symposium. 1-16.
74. PROVOS, N., MCNAMEE, D., MAVROMMATIS, P., WANG, K., AND MODADUGU, N. 2007. The ghost in the browser analysis of web-based malware. In Proceedings of the 1st Conference on the 1st Workshop on Hot Topics in Understanding Botnets. USENIX Association, Berkeley, CA, 4-4.
75. QING, S. AND WEN, W. 2005. A survey and trends on internet worms. Comput. Secur. 24, 4, 334-346.
76. RATANAWORABHAN, P., LIVSHITS, B., AND ZORN, B. 2009. Nozzle: A defense against heap-spraying code injection attacks. In Proceedings of the 18th Conference on USENIX Security Symposium (SSYM'09). USENIX Association, Berkeley, CA, 169-186.
77. RBN STUDY. 2007. Russian business network study. http://www.bizeul.org/ files/RBNstudy.pdf.
78. REIS, C., DUNAGAN, J., WANG, H. J., DUBROVSKY, O., AND ESMEIR, S. 2006. Browsershield: Vulnerability-driven filtering of dynamic html. In Proceedings of the 7th Symposium on Operating Systems Design and Implementation (OSDI'06). USENIX Association, Berkeley, CA, 61-74.
79. REIS, C. AND GRIBBLE, S. D. 2009. Isolating web programs in modern browser architectures. In Proceedings of the 4th ACM European Conference on Computer Systems (EuroSys'09). ACM Press, New York, 219-232.
80. RFC-2828. 2000. IETF RFC 2828. http://tools.ietf.org/html/rfc2828/.
81. RIECK, K., KRUEGER, T., AND DEWALD, A. 2010. Cujo: Efficient detection and prevention of drive-by-download attacks. In Proceedings of the Annual Computer Security Applications Conference (ACSAC'10).
82. ROESCH, M. 1999. Snort-Lightweight intrusion detection for networks. In Proceedings of the 13th USENIX Conference on System Administration (LISA'99). USENIX Association, Berkeley, CA, 229-238.
83. RUBIN, A. AND GEER, D. E., J. 1998. A survey of web security. Comput. 31, 9, 34-41.
84. SABAHI, F. AND MOVAGHAR, A. 2008. Intrusion detection: A survey. In Proceedings of the 3rd International Conference on Systems and Networks Communications (ICSNC'08). 23-26.
85. SABBOUH, M., HIGGINSON, J., SEMY, S., AND GAGNE, D. 2007. Web mashup scripting language. In Proceedings of the 16th International Conference on World Wide Web (WWW'07). ACM Press, New York, 1305-1306.
86. SABELFELD, A. ANDMYERS, A. C. 2003. Language-based information-ow security. IEEE J. Selected Areas Comm. 21, 1.
87. SADODDIN, R. AND GHORBANI, A. 2006. Alert correlation survey: Framework and techniques. In Proceedings of the International Conference on Privacy, Security and Trust: Bridge the Gap Between PST Technologies and Business Services (PST'06). ACM Press, New York, 37:1-37:10.
88. SAXENA, P.,AKHAWE, D.,HANNA, S.,MAO, F.,MCCAMANT, S., AND SONG, D. 2010a. A symbolic execution framework for javascript. In Proceedings of the IEEE Symposium on Security and Privacy (SP'10). IEEE Computer Society, Los Alamitos, CA, 513-528.
89. SAXENA, P.,HANNA, S., POOSANKAM, P., AND SONG, D. 2010b. Flax: Systematic discovery of client-side validation vulnerabilities in rich web applications. In Proceedings of the 17th Annual Network and Distributed System Security Symposium (NDSS).
90. SCHMIDT, A.-D., SCHMIDT, H.-G., BATYUK, L., CLAUSEN, J., CAMTEPE, S., ALBAYRAK, S., AND YILDIZLI, C. 2009. Smartphone malware evolution revisited: Android next target? In Proceedings of the 4th International Conference on Malicious and Unwanted Software (MALWARE'09). 1-7.
91. SEIFERT, C., WELCH, I., AND KOMISARCZUK, P. 2009. Identification of malicious web pages through analysis of underlying dns and web server relationships. In Proceedings of the 33rd IEEE Conference on Local Computer Networks. 935-941.
92. SHABTAI, A.,MOSKOVITCH, R.,ELOVICI, Y., AND GLEZER, C. 2009. Detection of malicious code by applying machine learning classifiers on static features: A state-of-the-art survey. Inf. Secur. Tech. Rep. 14, 16-29.
93. SIDDIQUI, M.,WANG, M. C., AND LEE, J. 2008. A survey of data mining techniques for malware detection using file features. In Proceedings of the 46th Annual Southeast Regional Conference on XX (ACM-SE'08). ACM Press, New York, 509-510.
94. SIDIROGLOU, S., IOANNIDIS, J., KEROMYTIS, A., AND STOLFO, S. 2005. An email worm vaccine architecture. In Proceedings of the 1st Information Security Practice and Experience Conference. R. Deng, F. Bao, H. Pang, and J. Zhou, Eds., Lecture Notes in Computer Science, vol. 3439, Springer, 97-108.
95. SONG, C., ZHUGE, J.,HAN, X., AND YE, Z. 2010. Preventing drive-by download via inter-module communication monitoring. In Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security (ASIACCS'10). ACM Press, New York, 124-134.
96. SOTIROV, A. 2007. Heap feng shui in javascript. In Proceedings of the BlackHat Europe Security Conference.
97. SOTIROV, A. AND DOWD, M. 2008. Bypassing browser memory protections. In Proceedings of the BlackHat Security Conference.
98. SU, Z. AND WASSERMANN, G. 2006. The essence of command injection attacks in web applications. In Conference Record of the 33rd ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL'06). ACM Press, New York, 372-382.
99. TIPTON, H. 2009. Information Security Management Handbook. Vol. 3, 6th Ed. CRC Press, Boca Raton, FL.
100. TOP TEN PROJECT. 2011. OWASP top ten project. http://www.owasp.org/.
101. TOTH, T. AND KRUEGEL, C. 2002. Accurate buffer overfow detection via abstract payload execution. In Proceedings of the 5th International Conference on Recent Advances in Intrusion Detection (RAID'02). Springer, 274-291.
102. VINOD, P., LAXMI, V., AND GAUR, M. 2009. Survey on malware detection methods. In Proceedings of the 3rd Annual IIT Kanpur Hacker's Workshop.
103. WANG, H. J., GUO, C., SIMON, D. R., AND ZUGENMAIER, A. 2004. Shield: vulnerability-driven network filters for preventing known vulnerability exploits. SIGCOMM Comput. Comm. Rev. 34, 193-204.
104. WANG, Y., BECK, D., JIANG, X., AND ROUSSEV, R. 2006. Automated web patrol with strider honeymonkeys: Finding web sites that exploit browser vulnerabilities. In Proceedings of the Network and Distributed System Security Symposium (NDSS).
105. WANG, Y.,VERBOWSKI, C.,DUNAGAN, J.,CHEN, Y.,WANG,H. J., AND YUAN, C. 2003. Strider: A black-box, state-based approach to change and configuration management and support. In Proceedings of the 17th USENIX Conference on System Administration (LISA'03). 159-172.
106. WASSERMANN, G. AND SU, Z. 2007. Sound and precise analysis of web applications for injection vulnerabilities. In Proceedings of the ACMSIGPLAN Conference on Programming Language Design and Implementation (PLDI'07). ACM Press, New York, 32-41.
107. WASSERMANN, G. AND SU, Z. 2008. Static detection of cross-site scripting vulnerabilities. In Proceedings of the 30th International Conference on Software Engineering (ICSE'08). ACM Press, New York, 171-180.
108. WILHELM, J. AND CHIUEH, T.-C. 2007. A forced sampled execution approach to kernel rootkit identification. In Proceedings of the 10th International Conference on Recent Advances in Intrusion Detection (RAID'07). Springer, 219-235.
109. XIE, Y. AND AIKEN, A. 2006. Static detection of security vulnerabilities in scripting languages. In Proceedings of the 15th USENIX Security Symposium. Vol. 15, USENIX Association, Berkeley, CA.
110. YOU, I. AND YIM, K. 2010. Malware obfuscation techniques: A brief survey. In Proceedings of the International Conference on Broadband, Wireless Computing, Communication and Applications (BWCCA'10). IEEE Computer Society, Los Alamitos, CA, 297-300.
111. YUE, C. AND WANG, H. 2009. Characterizing insecure javascript practices on the web. In Proceedings of the 18th International Conference on World Wide Web (WWW'09). ACM Press, New York, 961-970.
112. ZEIDANLOO, H.,SHOOSHTARI, M.,AMOLI, P.,SAFARI,M., AND ZAMANI,M. 2010. A taxonomy of botnet detection techniques. In Proceedings of the 3rd IEEE International Conference on Computer Science and Information Technology (ICCSIT'10). Vol 2, 158-162.
113. ZHU, Z., LU, G., CHEN, Y., FU, Z., ROBERTS, P., AND HAN, K. 2008. Botnet research survey. In Proceedings of the 32nd Annual IEEE International Computer Software and Applications Conference (COMPSAC'08). 967-972.