ZDVUE: prioritization of javascript attacks to discover new vulnerabilities - Citegraph

Paper Info

Title
ZDVUE: prioritization of javascript attacks to discover new vulnerabilities

Abstract
Malware writers are constantly looking for new vulnerabilities to exploit in popular software applications. A successful exploit of a previously unknown vulnerability, that evades state-of-the art anti-virus and intrusion-detection systems is called a zero-day vulnerability. JavaScript is a popular vehicle for testing and delivering attacks through drive-by downloads on web clients. Failed attack attempts leave traces of suspicious activity on victim machines. We present ZDVUE, a tool for automatic prioritization of suspicious JavaScript traces, which can lead to early detection of potential zero-day vulnerabilities. Our algorithm uses a combination of correlation analysis and mixture modeling for fast and robust prioritization of suspicious JavaScript samples.On data collected between June and November 2009, ZDVUE identified a new zero-day vulnerability and its variant in its top results, as well as revealed many new anti-virus signatures. ZDVUE is used in our organization on a routine basis to automatically filter, analyze, and prioritize thousands of downloaded JavaScript files, for information to update anti-virus signatures and to find new zero-day vulnerabilities.

Year	DOI	Venue
2011	10.1145/2046684.2046690	AISec
Keywords	Field	DocType
javascript attack,state-of-the art anti-virus,javascript file,zero-day vulnerability,anti-virus signature,new anti-virus signature,new zero-day vulnerability,suspicious javascript sample,potential zero-day vulnerability,suspicious javascript trace,new vulnerability,data mining,data collection,intrusion detection system,zero day vulnerabilities,mixture model	World Wide Web,Mixture modeling,Computer security,Computer science,Prioritization,Exploit,Software,Malware,Correlation analysis,JavaScript,Vulnerability	Conference
Citations	PageRank	References
4	0.43	18
Authors
6

Authors (6 rows)

Cited by (4 rows)

References (18 rows)

Name	Order	Citations	PageRank
Sandeep Karanth	1	7	1.29
Srivatsan Laxman	2	421	21.65
Prasad Naldurg	3	488	43.39
Ramarathnam Venkatesan	4	1326	111.13
J. Lambert	5	4	0.43
Jinwook Shin	6	51	6.27

1