ISBN: 9781479922338 (print)
An emerging threat vector, embedded malware inside popular document formats, has become rampant since 2008. Owed to its widespread use and JavaScript support, PDF has been the primary vehicle for delivering embedded exploits. Unfortunately, existing defenses are limited in effectiveness, vulnerable to evasion, or computationally expensive to be employed as an on-line protection system. In this paper, we propose a context-aware approach for detection and confinement of malicious JavaScript in PDF. Our approach statically extracts a set of static features and inserts context monitoring code into a document. When an instrumented document is opened, the context monitoring code inside will cooperate with our runtime monitor to detect potential infection attempts in the context of JavaScript execution. Thus, our detector can identify malicious documents by using both static and runtime features. To validate the effectiveness of our approach in a real-world setting, we first conduct a security analysis, showing that our system is able to remain effective in detection and be robust against evasion attempts even in the presence of sophisticated adversaries. We implement a prototype of the proposed system, and perform extensive experiments using 18623 benign PDF samples and 7370 malicious samples. Our evaluation results demonstrate that our approach can accurately detect and confine malicious JavaScript in PDF with minor performance overhead.
ISBN: 9781479935031 (print)
JavaScript is the main language used to provide the client-side functionality of the modern web. It is used in many applications that provide high interactivity with the end-user. These applications range from mapping applications to online games. In recent years, cyber-criminals started focusing on attacking the visitors of legitimate websites and social networks rather than attacking the websites themselves. The dynamic nature of the JavaScript language and its tangled usage with other web technologies in modern web applications makes it hard to reason about its code statically. This poses the need to develop effective mechanisms for detecting and mitigating malicious JavaScript code on the client-side of the web. In this paper, we address the above challenges by developing a framework that detects and mitigates the flow of sensitive information on the client-side to illegal channels. The proposed model uses information flow control dynamically at run-time to track sensitive information and prevents its leakage. In order to realize the model, we extend the operational semantics of JavaScript to enable the control of information flow inside web browsers.
Given the rising challenge of client-based web attacks through vulnerabilities in websites, traditional pattern detection methods often fall short in identifying emerging threats. To bridge this gap, our study proposes a methodology employing machine learning algorithms to counteract three specific types of client-based web attacks: malicious JavaScript, phishing attacks, and script-based web attacks. Our method extracts significant features from the source code and URLs, subsequently applying a range of machine learning models, including random forest (RF), deep neural network (DNN), and convolutional neural network (CNN), to pinpoint the most effective model. Experimental evidence from our research highlights the RF model's exceptional accuracy, achieving 99.99% in detecting malicious JavaScript, 95.11% for phishing attacks, and 94.77% for script-based web attacks. Additionally, our work extends beyond theoretical contributions, evidenced by the development of a Chrome extension based on the high-performing RF model, offering a tangible solution for enhancing web browsing security.
ISBN: 9781728162515 (print)
The Android platform has emerged as the most popular computing platform that has more than 2.5 billion devices [1] working across the globe. These devices include not only mobiles and tablets, but even Android Auto modules in cars, various Android versions running on Televisions, watches and host of other smart devices. What makes things more challenging and interesting for the Android Developers and security experts is the fact that various versions of Android Operating System, from Android 2.3.3 (Ginger Bread) to Android 11.0 coexist in this ecosystem. This paper discusses threats that emanate from Hybrid Android Apps. These Hybrid Apps use WebView Component for handling web content within Android Apps. WebView allows HTML and JavaScript to run and render webpages inside Apps, thereby allowing them to download content from Web Servers on the Internet. It is used by several popular Apps, like Facebook, Twitter, Instagram, etc. WebView even allows JavaScript code to call Android code for completing various tasks. While this feature gives tremendous capability to create interactive Hybrid Apps, however, it also opens a route for malicious content to infect the Android Platform using targeted JavaScript-based malware. Any malicious JavaScript, from untrusted or even from trusted source, can thus find its way to exploit this unique linkage with Android Platform. In this paper we analyze Android WebView's security vulnerabilities, access authorization, kind of attacks that it can encounter, and mechanisms to prevent these attacks. To do so, we have developed two Android Apps, viz., "WebView Tool" and "WebView Monitor". Our analysis and detection mechanisms are based on Machine Learning techniques.
Malicious JavaScript code has been actively and recently utilized as a vehicle for Web-based security attacks. By exploiting vulnerabilities such as cross-site scripting (XSS), attackers are able to spread worms, conduct Phishing attacks, and do Web page redirection to "typically" porn Web sites. These attacks can be preemptively prevented if the malicious code is detected before executing. Based on the fact that a malignant code will exhibit certain features, we propose a novel classification-based detection approach that will identify Web pages containing infected code. Using datasets of trusted and malicious Web sites, we analyze the behavior and properties of JavaScript code to point out its key features. These features form the basis of our identification system and are used to properly train the various classifiers on malicious and benign data. Performance evaluation results show that our approach achieves a 95% or higher detection accuracy, with very small (less than 3%) false positive and false negative ratios. Our solution surpasses the performance of the comparable literature.
JavaScript is a standard of client-side scripting languages. Due to its cross-platform property, JavaScript is widely used in web pages. Hence its security problems can seriously influence the security of devices executing code written by it. This paper proposes a Cloud-based Protection approach against JavaScript-based attacks to browsers, called CPJ. CPJ provides timely and effective protection to web browsers to cope with attackers' continuously developing new JavaScript-based attack approaches. CPJ integrates VirusTotal, a cloud-based security analysis service, into a browser. Therefore, with the latest malware signature databases, it can analyze the behavior of a variety of JavaScript files. It allows a browser to block malicious code when the browser is surfing the Internet. We demonstrate its feasibility using Internet experiments, and show its effectiveness on a variety of suspicious targets. According to our experiments, CPJ has rather good sensitivity and performance.
ISBN: 9781450356930 (print)
As a new mechanism to monetize web content, cryptocurrency mining is becoming increasingly popular. The idea is simple: a webpage delivers extra workload (JavaScript) that consumes computational resources on the client machine to solve cryptographic puzzles, typically without notifying users or having explicit user consent. This new mechanism, often heavily abused and thus considered a threat termed "cryptojacking", is estimated to affect over 10 million web users every month; however, only a few anecdotal reports exist so far and little is known about its severeness, infrastructure, and technical characteristics behind the scene. This is likely due to the lack of effective approaches to detect cryptojacking at a large-scale (e.g., VirusTotal). In this paper, we take a first step towards an in-depth study over cryptojacking. By leveraging a set of inherent characteristics of cryptojacking scripts, we build CMTracker, a behavior-based detector with two runtime profilers for automatically tracking Cryptocurrency Mining scripts and their related domains. Surprisingly, our approach successfully discovered 2,770 unique cryptojacking samples from 853,936 popular web pages, including 868 among top 100K in Alexa list. Leveraging these samples, we gain a more comprehensive picture of the cryptojacking attacks, including their impact, distribution mechanisms, obfuscation, and attempts to evade detection. For instance, a diverse set of organizations benefit from cryptojacking based on the unique wallet ids. In addition, to stay under the radar, they frequently update their attack domains (fastflux) on the order of days. Many attackers also apply evasion techniques, including limiting the CPU usage, obfuscating the code, etc.
Author: Singh, A. K. (BITS Pilani, Dept Comp Sci & Informat Syst Adv Data Analyt & Parallel Technol Lab Pilani Campus Pilani Rajasthan India)
Web Security is a challenging task amidst ever rising threats on the Internet. With billions of websites active on Internet, and hackers evolving newer techniques to trap web users, machine learning offers promising techniques to detect malicious websites. The dataset described in this manuscript is meant for such machine learning based analysis of malicious and benign webpages. The data has been collected from Internet using a specialized focused web crawler named MalCrawler H. The dataset comprises of various extracted attributes, and also raw webpage content including JavaScript code. It supports both supervised and unsupervised learning. For supervised learning, class labels for malicious and benign webpages have been added to the dataset using the Google Safe Browsing API. The most relevant attributes within the scope have already been extracted and included in this dataset. However, the raw web content, including JavaScript code included in this dataset supports further attribute extraction, if so desired. Also, this raw content and code can be used as unstructured data input for text-based analytics. This dataset consists of data from approximately 1.5 million webpages, which makes it suitable for deep learning algorithms. This article also provides code snippets used for data extraction and its analysis. (C) 2020 The Author. Published by Elsevier Inc.
Nowadays, web applications are becoming one of the standard platforms for representing data and service releases over the World Wide Web. Since web applications are progressively more utilized for security-critical services, they have turned out to be a well-liked and precious target for the web-related vulnerabilities, even though several defensive mechanisms have been built up to reinforce the modern web applications and alleviate the attacks instigated against them. We have analyzed the major concerns for web applications and Internet-based services which are persistent in several web applications of diverse organizations like banking, health care, financial service, retail and so on by referring to the Website Security Statistics Report of White Hat Security. In this paper, we highlight some of the serious vulnerabilities found in the modern web applications and reveal various serious vulnerabilities. Cross-Site Scripting (XSS) attack is the topmost vulnerability found in today's web applications and is a plague for the modern web applications. XSS attacks permit an attacker to execute the malicious scripts on the victim's web browser resulting in various side-effects such as data compromise, stealing of cookies, passwords, credit card numbers etc. We have also discussed a high level of taxonomy of XSS attacks and detailed incidences of these attacks on web applications. A detailed comprehensive analysis of the exploitation, detection and prevention mechanisms of XSS attacks has also been discussed. Based on explored strength and flaws of these mechanisms, we have discussed some further work.
ISBN: 9781509049066 (print)
Due to rich characteristics and functionalities, PDF format has become the de facto standard for the electronic document exchange. As vulnerabilities in the major PDF viewers have been disclosed, a number of methods have been proposed to tame the increasing PDF threats. However, one recent evasion exploit is found to evade most of detections and renders all of the major static methods void. Moreover, many existing vulnerabilities identified before can now evade the detection through exploiting this evasion exploit. In this paper, we introduce this newly identified evasion exploit and propose a new feature extractor FEPDF to detect malicious PDFs. Based on the FEPDF and the JavaScript detection model, we test the performance of the proposed feature extractor FEPDF, and evaluation results show that FEPDF has a satisfactory performance in malicious PDF detection.