JSgraph: Enabling Reconstruction of Web Attacks via Efficient Tracking of Live In-Browser JavaScript Executions

@inproceedings{Li2018JSgraphER,
  title={JSgraph: Enabling Reconstruction of Web Attacks via Efficient Tracking of Live In-Browser JavaScript Executions},
  author={B. Li and P. Vadrevu and K. H. Lee and R. Perdisci},
  booktitle={NDSS},
  year={2018}
}
  • B. Li, P. Vadrevu, +1 author R. Perdisci
  • Published in NDSS 2018
  • Computer Science
  • In this paper, we propose JSgraph, a forensic engine that is able to efficiently record fine-grained details pertaining to the execution of JavaScript (JS) programs within the browser, with particular focus on JS-driven DOM modifications. [...] Key Method We implement JSgraph by instrumenting Chromium’s code base at the interface between Blink and V8, the rendering and JavaScript engines. We design JSgraph to be lightweight, highly portable, and to require low storage capacity for its fine-grained audit logs…Expand Abstract
    VisibleV8: In-browser Monitoring of JavaScript in the Wild
    • 7
    • Highly Influenced
    AdGraph: A Machine Learning Approach to Automatic and Effective Adblocking
    • 18
    • Highly Influenced
    • PDF
    AdGraph: A Graph-Based Approach to Ad and Tracker Blocking
    • 16
    • Highly Influenced
    • PDF
    Opening the Blackbox of VirusTotal: Analyzing Online Phishing Scan Engines
    • 8
    • PDF
    ShadowBlock: A Lightweight and Stealthy Adblocking Browser
    • 4
    • PDF
    Measuring and Modeling the Label Dynamics of Online Anti-Malware Engines
    • 6
    • PDF
    UIScope: Accurate, Instrumentation-free, and Visible Attack Investigation for GUI Applications
    • 1
    • Highly Influenced
    • PDF
    VisibleV8: In-browserMonitoring of JavaScript in theWild

    References

    Publications referenced by this paper.
    SHOWING 1-10 OF 47 REFERENCES
    ReVirt: enabling intrusion analysis through virtual-machine logging and replay
    • 914
    • PDF
    Detection and analysis of drive-by-download attacks and malicious JavaScript code
    • 549
    • PDF
    A Symbolic Execution Framework for JavaScript
    • 403
    • PDF
    ZOZZLE: Fast and Precise In-Browser JavaScript Malware Detection
    • 266
    • PDF
    Jalangi: a selective record-replay and dynamic analysis framework for JavaScript
    • 189
    • PDF
    libdft: practical dynamic data flow tracking for commodity systems
    • 190
    • PDF
    Rozzle: De-cloaking Internet Malware
    • 164
    • PDF
    Manufacturing compromise: the emergence of exploit-as-a-service
    • 214
    • PDF
    Backtracking intrusions
    • 284
    • PDF