Title
Detection and analysis of drive-by-download attacks and malicious JavaScript code
Abstract
JavaScript is a browser scripting language that allows developers to create sophisticated client-side interfaces for web applications. However, JavaScript code is also used to carry out attacks against the user's browser and its extensions. These attacks usually result in the download of additional malware that takes complete control of the victim's platform, and are, therefore, called "drive-by downloads." Unfortunately, the dynamic nature of the JavaScript language and its tight integration with the browser make it difficult to detect and block malicious JavaScript code. This paper presents a novel approach to the detection and analysis of malicious JavaScript code. Our approach combines anomaly detection with emulation to automatically identify malicious JavaScript code and to support its analysis. We developed a system that uses a number of features and machine-learning techniques to establish the characteristics of normal JavaScript code. Then, during detection, the system is able to identify anomalous JavaScript code by emulating its behavior and comparing it to the established profiles. In addition to identifying malicious code, the system is able to support the analysis of obfuscated code and to generate detection signatures for signature-based systems. The system has been made publicly available and has been used by thousands of analysts.
Year
2010
DOI
10.1145/1772690.1772720
Venue
WWW
Keywords
signature-based system, anomaly detection, anomalous javascript code, detection signature, normal javascript code, javascript code, obfuscated code, javascript language, malicious javascript code, drive-by-download attack, malicious code
Field
World Wide Web, Exploit kit, Computer science, Unobtrusive JavaScript, Cross-site request forgery, Minification, Web application, Obfuscation (software), Malware, JavaScript
DocType
Conference
Citations
230
PageRank
10.49
References
19
Authors
3
Name                 Order  Citations  PageRank
Marco Cova           1      1425       71.19
Christopher Kruegel  2      8799       516.05
Giovanni Vigna       3      7121       507.72