ZOZZLE: Fast and precise in-browser JavaScript Malware detection

Proceedings of the 20th USENIX Security Symposium

Volumn , Issue , 2011, Pages 33-48

  Curtsinger, Charlie ^a   Livshits, Benjamin ^b   Zorn, Benjamin ^b   Seifert, Christian ^c  

^a UNIVERSITY OF MASSACHUSETTS   (United States)

^b MICROSOFT RESEARCH   (United States)

^c MICROSOFT   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

HIGH LEVEL LANGUAGES; SYNTACTICS; TREES (MATHEMATICS); WEBSITES;

ABSTRACT SYNTAX TREES; BAYESIAN CLASSIFICATION; EXPERIMENTAL EVALUATION; FALSE POSITIVE RATES; HIERARCHICAL FEATURES; JAVASCRIPT MALWARE; STATIC CODE ANALYSIS; SYNTAX ELEMENTS;

MALWARE;

EID: 85076498355     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (32)

1. M. Abadi, M. Budiu, Úlfar Erlingsson, and J. Ligatti. Control-flow integrity. In Proceedings of the Conference on Computer and Communications Security, 2005.
2. P. Akritidis, E. P. Markatos, M. Polychronakis, and K. G. Anagnostakis. STRIDE: Polymorphic sled detection through instruction sequence analysis. In Proceedings of Security and Privacy in the Age of Ubiquitous Computing, 2005.
3. A. Buescher, M. Meier, and R. Benzmueller. Monkey-Wrench - boesartige webseiten in die zange genommen. In Deutscher IT-Sicherheitskongress, Bonn, 2009.
4. D. Canali, M. Cova, G. Vigna, and C. Krügel. Prophiler: A fast filter for the large-scale detection of malicious web pages. In Proceedings of the International World Wide Web Conference, Mar. 2011.
5. M. Castro, M. Costa, and T. Harris. Securing software by enforcing data-flow integrity. In Proceedings of the Symposium on Operating Systems Design and Implementation, 2006.
6. M. Cova, C. Krügel, and G. Vigna. Detection and analysis of drive-by-download attacks and malicious JavaScript code. In Proceedings of the InternationalWorldWideWeb Conference, April 2010.
7. C. Cowan, C. Pu, D. Maier, H. Hinton, J. Walpole, P. Bakke, S. Beattie, A. Grier, P. Wagle, and Q. Zhang. Stackguard: Automatic adaptive detection and prevention of buffer-overflow attacks. In Proceedings of the USENIX Security Symposium, January 1998.
8. Y. Ding, T. Wei, T. Wang, Z. Liang, and W. Zou. Heap Taichi: Exploiting memory allocation granularity in heapspraying attacks. In Proceedings of Annual Computer Security Applications Conference, 2010.
9. M. Egele, P. Wurzinger, C. Krügel, and E. Kirda. Defending browsers against drive-by downloads: Mitigating heap-spraying code injection attacks. In Proceedings of the Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, 2009.
10. B. Feinstein and D. Peck. Caffeine Monkey: Automated collection, detection and analysis of malicious JavaScript. In Proceedings of Black Hat USA, 2007.
11. F. Howard. Malware with your mocha: Obfuscation and anti-emulation tricks inmalicious JavaScript. http: //www.sophos.com/security/technical-papers/ malware_with_your_mocha.pdf, Sept. 2010.
12. M. Howard. Address space layout randomization in Windows Vista. http://blogs.msdn. com/b/michael_howard/archive/2006/05/ 26/address-space-layout-randomization-\ \in-windows-vista.aspx, May 2006.
13. G. Hunt and D. Brubacher. Detours: Binary interception of Win32 functions. In Proceedings of the USENIX Windows NT Symposium, 1999.
14. S. Karanth, S. Laxman, P. Naldurg, R. Venkatesan, J. Lambert, and J. Shin. Pattern mining for future attacks. Technical Report MSR-TR-2010-100, Microsoft Research, 2010.
15. A. Moshchuk, T. Bragin, S. D. Gribble, and H. M. Levy. A crawler-based study of spyware on the web. In Proceedings of the Network and Distributed System Security Symposium. The Internet Society, 2006.
16. J. Nazario. PhoneyC: A virtual client honeypot. In Proceedings of the Usenix Workshop on Large-Scale Exploits and Emergent Threats, Boston, 2009.
17. J. Newsome, B. Karp, and D. Song. Polygraph: Automatically generating signatures for polymorphic worms. In Proceedings of the IEEE Symposium on Security and Privacy, 2005.
18. M. Polychronakis, K. G. Anagnostakis, and E. P. Markatos. Emulation-based detection of non-selfcontained polymorphic shellcode. In Proceedings of the Symposium on Recent Advances in Intrusion Detection, 2007.
19. Praetorian Prefect. The "aurora" IE exploit used against Google in action. http: //praetorianprefect.com/archives/2010/01/ the-aurora-ie-exploit-in-action/, Jan. 2010.
20. N. Provos, P. Mavrommatis, M. A. Rajab, and F. Monrose. All your iFRAMEs point to us. In Proceedings of the USENIX Security Symposium, 2008.
21. P. Ratanaworabhan, B. Livshits, and B. Zorn. Nozzle: A defense against heap-spraying code injection attacks. In Proceedings of the USENIX Security Symposium, August 2009.
22. K. Rieck, T. Krueger, and A. Dewald. Cujo: Efficient detection and prevention of drive-by-download attacks. In Proceedings of the Annual Computer Security Applications Conference, 2010.
23. M. Roesch. Snort - lightweight intrusion detection for networks. In Proceedings of the USENIX Conference on System Administration, 1999.
24. C. Seifert, P. Komisarczuk, and I.Welch. Identification of malicious web pages with static heuristics. In Proceedings of the Austalasian Telecommunication Networks and Applications Conference, 2008.
25. C. Seifert, R. Steenson, T. Holz, B. Yuan, and M. A. Davis. Know your enemy: Malicious web servers. 2007.
26. C. Song, J. Zhuge, X. Han, and Z. Ye. Preventing driveby download via inter-module communication monitoring. In Proceedings of the Asian Conference on Comuting and Communication Security, 2010.
27. R. J. Spoor, P. Kijewski, and C. Overes. The HoneySpider network: Fighting client-side threats. In Proceedings of FIRST, 2008.
28. T. Stuurman and A. Verduin. Honeyclients - low interaction detection methods. Technical report, University of Amsterdam, 2008.
29. T. Toth and C. Krügel. Accurate buffer overflow detection via abstract payload execution. In Proceedings of the Symposium on Recent Advances in Intrusion Detection, 2002.
30. K. Wang. HoneyClient. http://www.honeyclient. org/trac, 2005.
31. Y.-M. Wang, D. Beck, X. Jiang, R. Roussev, C. Verbowski, S. Chen, and S. King. Automated web patrol with Strider HoneyMonkeys: Finding web sites that exploit browser vulnerabilities. In Proceedings of the Network and Distributed System Security Symposium, 2006.
32. J. Zhuge, T. Holz, C. Song, J. Guo, X. Han, and W. Zou. Studying malicious websites and the underground economy on the Chinese web. Technical report, University of Mannheim, 2007.