ISBN (print): 9783319457185; 9783319457192
JavaScript exploits pose a severe threat to computer security. Once a zero-day exploit is captured, it is critical to quickly pinpoint the JavaScript statements that uniquely characterize the exploit and the location of the payload within it. However, current diagnosis techniques are inadequate because they approach the problem either from a JavaScript perspective, and fail to account for "implicit" data flow that is invisible at the JavaScript level, or from a binary-execution perspective, and fail to present the JavaScript-level view of the exploit. In this paper, we propose JSCalpel, a framework that automatically bridges the semantic gap between the JavaScript level and the binary level for dynamic JS-binary analysis. With this new technique, JSCalpel can automatically pinpoint the exploitation or payload-injection component of JavaScript exploits and generate minimized exploit code and a Proof-of-Vulnerability (PoV). Using JSCalpel, we analyze 15 JavaScript exploits (9 memory-corruption exploits from Metasploit, 4 exploits from 3 different exploit kits, and 2 in-the-wild exploits) and successfully recover the payload and a minimized exploit for each of them.
ISBN (print): 9781479918232
Portable Document Format (PDF) is used as the de facto standard for sharing documents. Even though PDF is a document description language, it has many features similar to a programming language. The add-on support for JavaScript (which can be malicious) and the facility to embed any file into a PDF document create a large potential for disastrous cyber attacks. From 2008 onwards, malicious users have concentrated more on embedding malicious code into PDF documents. Compared to PE files, PDF files pose a higher risk, since the embedded content can be encrypted and/or encoded. Recently, multistage delivery of malware has been used for APTs and targeted attacks, with PDF documents accomplishing one or more of the stages; in MiniDuke, for example, a PDF file was used for the first stage, and it went undetected for almost two years. Such files can be considered carriers of k-ary codes. In this paper, we bring out the importance of analyzing the data encoded in the stream tag along with other structural information. We give a proof of concept by embedding JavaScript into a PDF document; this is not detected by any of the existing PDF parsers. Finally, we propose ensemble learning for detecting such PDF files.
ISBN (print): 9783642255595
Drive-by downloads are currently one of the most popular methods of malware distribution. Widely visited legitimate websites are injected with invisible or barely visible iframes pointing to malicious URLs, causing a silent download of malware onto the user's system. In this paper, we present a client-side solution for protection from such malevolent hidden iframes. We have implemented our solution as an extension to the Mozilla Firefox browser. The extension checks every iframe loaded in the browser for properties emblematic of malicious iframes, such as hidden visibility styles and 0-pixel dimensions. These iframes are then blocked using the browser's content policy mechanism, hence preventing the malicious download from taking place.
This thesis deals with malicious code on the web, focusing on the analysis and detection of malicious client-side JavaScript using machine learning. The proposed approach uses both known and new observations regarding the differences between malicious and legitimate samples. This approach has the potential to detect new exploits as well as zero-day attacks. A system for such detection was implemented and uses machine learning models. The performance of the models was evaluated using the F1-score over several experiments. According to the experiments, the use of decision trees proved to be the most effective option. The most effective model was an AdaBoost classifier, which reached an F1-score of 99.16 %. This model worked with 200 instances of a randomized decision tree based on the Extra-Trees algorithm. A multilayer perceptron was the second-best model, reaching an F1-score of 97.94 %.