Journal
JOURNAL OF NETWORK AND COMPUTER APPLICATIONS
Volume 38, Issue -, Pages 135-149
Publisher
ACADEMIC PRESS LTD- ELSEVIER SCIENCE LTD
DOI: 10.1016/j.jnca.2013.03.009
Keywords
Drive-by downloads; Web client exploits; Anomaly detection; Machine learning; Dynamic analysis
Drive-by download attacks are a common attack vector for compromising personal computers. While several alternatives to mitigate the threat have been proposed, approaches to realtime detection of drive-by download attacks have been predominantly limited to static and semi-dynamic analysis techniques. These techniques examine the original or deobfuscated JavaScript source code to assess the potential maliciousness of a webpage. However, static and semi-dynamic analysis techniques are vulnerable to commonly employed evasion techniques. Dynamic anomaly detection approaches are less susceptible to targeted evasion, but are used less often as a realtime solution on individual systems because these techniques are typically resource intensive. This paper presents a novel approach to detect drive-by downloads in web browser environments using low-resource dynamic analysis. By dynamically monitoring the bytecode stream generated by a web browser during rendering, the approach is able to detect previously unseen drive-by download attacks at runtime. The proposed method is effective, space efficient, and performs the analysis with low performance overhead, making the approach amenable to in-browser drive-by download detection on resource-constrained devices, such as mobile phones. © 2013 Elsevier Ltd. All rights reserved.