Intelligent Defense against Malicious JavaScript Code

@article{Krueger2012IntelligentDA,
  title={Intelligent Defense against Malicious JavaScript Code},
  author={Tammo Krueger and Konrad Rieck},
  journal={PIK - Praxis der Informationsverarbeitung und Kommunikation},
  year={2012},
  volume={35},
  pages={54 - 60}
}
  • T. Krueger, K. Rieck
  • Published 2012
  • Computer Science
  • PIK - Praxis der Informationsverarbeitung und Kommunikation
JavaScript is a popular scripting language for creating dynamic and interactive web pages. [...] Key Method: Embedded in a web proxy, Cujo transparently inspects web pages and blocks the delivery of malicious JavaScript code. A lightweight static and dynamic analysis is performed, which enables learning and detecting malicious patterns in the structure and behavior of JavaScript code.
A Machine Learning Approach to Malicious JavaScript Detection using Fixed Length Vector Representation
TLDR
The proposed Doc2Vec features provide better accuracy and fast classification in malicious JS code detection compared to conventional approaches, and are compared to other feature learning methods.
A machine learning approach to detection of JavaScript-based attacks using AST features and paragraph vectors
TLDR
Experimental results show that the proposed AST features and Doc2Vec for feature learning provide better accuracy and fast classification in malicious JS code detection compared to conventional approaches and can flag malicious JS codes previously identified as hard-to-detect.
A Practical Guide for Detecting the Java Script-Based Malware Using Hidden Markov Models and Linear Classifiers
TLDR
This paper proposes various methods for detecting JavaScript-based attack vectors, and analyzes these detection methods from a practical point of view, emphasizing the need for a very low false positive rate and the ability to be trained on large datasets.
JSOD: JavaScript obfuscation detector
TLDR
This work proposes JavaScript Obfuscation Detector (JSOD), a completely static solution to detect obfuscated scripts including readable patterns, and compares it to the state-of-the-art approaches for detecting obfuscated malicious and obfuscated benign scripts, namely Zozzle and Nofus.
On the Integrity of Cross-Origin JavaScripts
TLDR
According to the empirical results based on a ten-day polling period of over 35 thousand scripts collected from popular websites, temporal integrity changes are relatively common and it is possible to statistically predict whether a temporal integrity change is likely to occur.
DETECTION : A STATE OF ART SURVEY
Web security is a challenging issue due to emerging trends in web attacks. Malicious websites steal the valuable information of their visitors and infect their systems for further attacks. Various
Probabilistic Methods for Network Security. From Analysis to Response
TLDR
This thesis shows how methods from statistics and machine learning can improve the security cycle of analysis, detection and response to threats by carefully layering probabilistic methods and machine learning techniques, and creates solid solutions for pressing security problems.
Data Mining Based Strategy for Detecting Malicious PDF Files
  • Samir G. Sayed, M. Shawkey
  • Computer Science
  • 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE)
  • 2018
TLDR
A new algorithm is presented for detecting malicious PDF files based on data mining techniques to achieve a high detection rate and low false positive rate with small computational overhead.
Malware Slums: Measurement and Analysis of Malware on Traffic Exchanges
TLDR
A first-of-its-kind analysis of the different types of malware that are propagated through these traffic exchanges, including blacklisted domains, malicious JavaScript, malicious Flash, and malicious shortened URLs, is presented.
Drive-by Disclosure: A Large-Scale Detector of Drive-by Downloads Based on Latent Behavior Prediction
TLDR
The proposed Drive-by Disclosure leverages the availability of an AST representation to predict a script's latent behaviors statically and facilitates distinction between the scripting practices of drive-by downloads and disguised transformations.

References

SHOWING 1-10 OF 43 REFERENCES
Detection and analysis of drive-by-download attacks and malicious JavaScript code
TLDR
A novel approach to the detection and analysis of malicious JavaScript code is presented that uses a number of features and machine-learning techniques to establish the characteristics of normal JavaScript code and is able to identify anomalous JavaScript code by emulating its behavior and comparing it to the established profiles.
Cujo: efficient detection and prevention of drive-by-download attacks
TLDR
The efficacy of Cujo is demonstrated: it detects 94% of the drive-by downloads with few false alarms and a median run-time of 500 ms per web page, a quality that has not been attained in previous work on detection of drive-by-download attacks.
Throwing a MonkeyWrench into Web Attackers Plans
TLDR
MonkeyWrench is a low-interaction web honeyclient allowing automatic identification of malicious web pages by performing static analysis of the HTML objects in a web page as well as dynamic analysis of scripts by execution in an emulated browser environment, and is able to identify the exact vulnerability triggered by a malicious page.
IceShield: Detection and Mitigation of Malicious Websites with a Frozen DOM
TLDR
This paper presents IceShield, a JavaScript-based tool that enables in-line dynamic code analysis as well as de-obfuscation, and a set of heuristics to detect attempts at attacking either a website or the user accessing its contents, and demonstrates how dynamic analysis of websites can be accomplished directly in the browser.
Defending Browsers against Drive-by Downloads: Mitigating Heap-Spraying Code Injection Attacks
TLDR
This work proposes a technique that relies on x86 instruction emulation to identify JavaScript string buffers that contain shellcode, and demonstrates that the system performs accurate detection with no false positives.
ZOZZLE: Fast and Precise In-Browser JavaScript Malware Detection
TLDR
The approach uses Bayesian classification of hierarchical features of the JavaScript abstract syntax tree to identify syntax elements that are highly predictive of malware, and shows that ZOZZLE is able to detect JavaScript malware effectively through mostly static code analysis.
ZDVUE: prioritization of javascript attacks to discover new vulnerabilities
TLDR
ZDVUE is a tool for automatic prioritization of suspicious JavaScript traces, which can lead to early detection of potential zero-day vulnerabilities, and is used in the organization on a routine basis to automatically filter, analyze, and prioritize thousands of downloaded JavaScript files.
Prophiler: a fast filter for the large-scale detection of malicious web pages
TLDR
The authors' filter, called Prophiler, uses static analysis techniques to quickly examine a web page for malicious content, and automatically derives detection models from these features using machine-learning techniques applied to labeled datasets.
Rozzle: De-cloaking Internet Malware
TLDR
Rozzle, a JavaScript multi-execution virtual machine, is proposed as a way to explore multiple execution paths within a single execution so that environment-specific malware will reveal itself, and it is shown that Rozzle triples the effectiveness of online runtime detection.
The Ghost in the Browser: Analysis of Web-based Malware
TLDR
This work identifies the four prevalent mechanisms used to inject malicious content on popular web sites (web server security, user-contributed content, advertising and third-party widgets) and presents examples of abuse found on the Internet.