Intelligent Defense against Malicious JavaScript Code
@article{Krueger2012IntelligentDA,
  title={Intelligent Defense against Malicious JavaScript Code},
  author={Tammo Krueger and Konrad Rieck},
  journal={PIK - Praxis der Informationsverarbeitung und Kommunikation},
  year={2012},
  volume={35},
  pages={54--60}
}
JavaScript is a popular scripting language for creating dynamic and interactive web pages. [...] Embedded in a web proxy, Cujo transparently inspects web pages and blocks the delivery of malicious JavaScript code. A lightweight static and dynamic analysis is performed, which enables learning and detecting malicious patterns in the structure and behavior of JavaScript code.
12 Citations
A Machine Learning Approach to Malicious JavaScript Detection using Fixed Length Vector Representation
- Computer Science, 2018 International Joint Conference on Neural Networks (IJCNN)
- 2018
The proposed Doc2Vec features provide better accuracy and fast classification in malicious JS code detection compared to conventional approaches, and are compared to other feature learning methods.
A Practical Guide for Detecting the Java Script-Based Malware Using Hidden Markov Models and Linear Classifiers
- Computer Science, 2014 16th International Symposium on Symbolic and Numeric Algorithms for Scientific Computing
- 2014
This paper proposes various methods for detecting Java Script-based attack vectors, and analyzes these detection methods from a practical point of view, emphasizing the need for a very low false positive rate and the ability to be trained on large datasets.
JSOD: JavaScript obfuscation detector
- Computer Science, Mathematics, Secur. Commun. Networks
- 2015
This work proposes the JavaScript Obfuscation Detector JSOD, a completely static solution for detecting obfuscated scripts, including those with readable patterns, and compares it to the state-of-the-art approaches for detecting obfuscated malicious and obfuscated benign scripts, namely Zozzle and Nofus.
Probe the Proto: Measuring Client-Side Prototype Pollution Vulnerabilities of One Million Real-world Websites
- Computer Science, Proceedings 2022 Network and Distributed System Security Symposium
- 2022
This paper presents the first large-scale measurement study of client-side prototype pollution among one million real-world websites and answers the questions of whether a prototypical object is controllable, whether and which properties can be manipulated, and whether the injected value leads to further consequences.
On the Integrity of Cross-Origin JavaScripts
- Computer Science, SEC
- 2018
According to the empirical results, based on a ten-day polling period of over 35 thousand scripts collected from popular websites, temporal integrity changes are relatively common, and it is possible to statistically predict whether a temporal integrity change is likely to occur.
DETECTION: A STATE OF ART SURVEY
- Computer Science
- 2016
The detailed analysis carried out in this paper provides a new road map for research in this area and classifies the detection methods into three categories: static, dynamic and hybrid approaches.
Probabilistic Methods for Network Security. From Analysis to Response
- Computer Science
- 2013
This thesis shows how methods from statistics and machine learning can improve the security cycle of analysis, detection and response to threats by carefully layering probabilistic methods and machine learning techniques, and creates solid solutions for pressing security problems.
Data Mining Based Strategy for Detecting Malicious PDF Files
- Computer Science, 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications / 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE)
- 2018
A new algorithm is presented for detecting malicious PDF files based on data mining techniques, achieving a high detection rate and a low false positive rate with small computational overhead.
Malware Slums: Measurement and Analysis of Malware on Traffic Exchanges
- Computer Science, 2016 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)
- 2016
A first-of-its-kind analysis of the different types of malware propagated through these traffic exchanges, including blacklisted domains, malicious JavaScript, malicious Flash, and malicious shortened URLs, is presented.
Drive-by Disclosure: A Large-Scale Detector of Drive-by Downloads Based on Latent Behavior Prediction
- Computer Science, 2015 IEEE Trustcom/BigDataSE/ISPA
- 2015
The proposed Drive-by Disclosure leverages the availability of AST representations to statically predict a script's latent behaviors and facilitates the distinction between the scripting practices of drive-by downloads and disguised transformations.
References
Showing 1-10 of 41 references
Detection and analysis of drive-by-download attacks and malicious JavaScript code
- Computer Science, WWW '10
- 2010
A novel approach to the detection and analysis of malicious JavaScript code is presented: it uses a number of features and machine-learning techniques to establish the characteristics of normal JavaScript code, and is able to identify anomalous JavaScript code by emulating its behavior and comparing it to the established profiles.
Cujo: efficient detection and prevention of drive-by-download attacks
- Computer Science, ACSAC '10
- 2010
The efficacy of Cujo is demonstrated: it detects 94% of the drive-by downloads with few false alarms and a median run-time of 500 ms per web page, a quality that has not been attained in previous work on the detection of drive-by-download attacks.
Throwing a MonkeyWrench into Web Attackers Plans
- Computer Science, Communications and Multimedia Security
- 2010
MonkeyWrench is a low-interaction web honeyclient that allows automatic identification of malicious web pages by performing static analysis of the HTML objects in a web page as well as dynamic analysis of scripts by executing them in an emulated browser environment; it is able to identify the exact vulnerability triggered by a malicious page.
IceShield: Detection and Mitigation of Malicious Websites with a Frozen DOM
- Computer Science, RAID
- 2011
This paper presents IceShield, a JavaScript-based tool that enables in-line dynamic code analysis as well as de-obfuscation, together with a set of heuristics to detect attempts to attack either a website or the user accessing its contents, and demonstrates how dynamic analysis of websites can be accomplished directly in the browser.
Defending Browsers against Drive-by Downloads: Mitigating Heap-Spraying Code Injection Attacks
- Computer Science, DIMVA
- 2009
This work proposes a technique that relies on x86 instruction emulation to identify JavaScript string buffers that contain shellcode, and demonstrates that the system performs accurate detection with no false positives.
ZDVUE: prioritization of javascript attacks to discover new vulnerabilities
- Computer Science, AISec '11
- 2011
ZDVUE is a tool for the automatic prioritization of suspicious JavaScript traces, which can lead to early detection of potential zero-day vulnerabilities; it is used in the organization on a routine basis to automatically filter, analyze, and prioritize thousands of downloaded JavaScript files.
Prophiler: a fast filter for the large-scale detection of malicious web pages
- Computer Science, WWW
- 2011
The authors' filter, called Prophiler, uses static analysis techniques to quickly examine a web page for malicious content, and automatically derives detection models from these features using machine-learning techniques applied to labeled datasets.
Rozzle: De-cloaking Internet Malware
- Computer Science, 2012 IEEE Symposium on Security and Privacy
- 2012
Rozzle, a JavaScript multi-execution virtual machine, is proposed as a way to explore multiple execution paths within a single execution so that environment-specific malware reveals itself; it is shown that Rozzle triples the effectiveness of online runtime detection.
The Ghost in the Browser: Analysis of Web-based Malware
- Computer Science, HotBots
- 2007
This work identifies the four prevalent mechanisms used to inject malicious content into popular web sites (web server security, user-contributed content, advertising and third-party widgets) and presents examples of abuse found on the Internet.
Automated Web Patrol with Strider HoneyMonkeys: Finding Web Sites That Exploit Browser Vulnerabilities
- Computer Science, NDSS
- 2006
The design and implementation of the Strider HoneyMonkey Exploit Detection System is described; it consists of a pipeline of "monkey programs" running possibly vulnerable browsers on virtual machines with different patch levels and patrolling the Web to seek out and classify web sites that exploit browser vulnerabilities.