Abstract | ||
---|---|---|
Malware writers are constantly looking for new vulnerabilities to exploit in popular software applications. A successful exploit of a previously unknown vulnerability, that evades state-of-the art anti-virus and intrusion-detection systems is called a zero-day vulnerability. JavaScript is a popular vehicle for testing and delivering attacks through drive-by downloads on web clients. Failed attack attempts leave traces of suspicious activity on victim machines. We present ZDVUE, a tool for automatic prioritization of suspicious JavaScript traces, which can lead to early detection of potential zero-day vulnerabilities. Our algorithm uses a combination of correlation analysis and mixture modeling for fast and robust prioritization of suspicious JavaScript samples.On data collected between June and November 2009, ZDVUE identified a new zero-day vulnerability and its variant in its top results, as well as revealed many new anti-virus signatures. ZDVUE is used in our organization on a routine basis to automatically filter, analyze, and prioritize thousands of downloaded JavaScript files, for information to update anti-virus signatures and to find new zero-day vulnerabilities. |
Year | DOI | Venue |
---|---|---|
2011 | 10.1145/2046684.2046690 | AISec |
Keywords | Field | DocType |
javascript attack,state-of-the art anti-virus,javascript file,zero-day vulnerability,anti-virus signature,new anti-virus signature,new zero-day vulnerability,suspicious javascript sample,potential zero-day vulnerability,suspicious javascript trace,new vulnerability,data mining,data collection,intrusion detection system,zero day vulnerabilities,mixture model | World Wide Web,Mixture modeling,Computer security,Computer science,Prioritization,Exploit,Software,Malware,Correlation analysis,JavaScript,Vulnerability | Conference |
Citations | PageRank | References |
4 | 0.43 | 18 |
Authors | ||
6 |
Name | Order | Citations | PageRank |
---|---|---|---|
Sandeep Karanth | 1 | 7 | 1.29 |
Srivatsan Laxman | 2 | 421 | 21.65 |
Prasad Naldurg | 3 | 488 | 43.39 |
Ramarathnam Venkatesan | 4 | 1326 | 111.13 |
J. Lambert | 5 | 4 | 0.43 |
Jinwook Shin | 6 | 51 | 6.27 |