• DocumentCode
    1785260
  • Title

    HoneyAgent: Detecting malicious Java applets by using dynamic analysis

  • Author

    Gassen, Jan ; Chapman, Jonathan P.

  • Author_Institution
    Fraunhofer FKIE, Bonn, Germany
  • fYear
    2014
  • fDate
    28-30 Oct. 2014
  • Firstpage
    109
  • Lastpage
    117
  • Abstract
    Malicious Java applets are widely used to deliver malicious software to remote systems. In this work, we present HoneyAgent which allows for the dynamic analysis of Java applets, bypassing common obfuscation techniques. This enables security researchers to quickly comprehend the functionality of an examined applet and to unveil malicious behavior. In order to trace the behavior of a sample as far as possible, HoneyAgent is further able to simulate various vulnerabilities allowing analysts for example to identify the malware that should finally be installed by the applet. In our evaluation, we show that HoneyAgent is able to reliably detect malicious applets used by common exploit kits with no false positives. By using a combination of heuristics as well as signatures applied to observed method invocations, HoneyAgent is further able to identify exploited common vulnerabilities and exposures in many cases.
  • Keywords
    Java; distributed processing; invasive software; system monitoring; HoneyAgent; dynamic analysis; malicious Java applet detection; malicious behavior; malicious software; obfuscation techniques; remote systems; security researchers; Arrays; Java; Malware; Runtime; Software; Web pages;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Malicious and Unwanted Software: The Americas (MALWARE), 2014 9th International Conference on
  • Conference_Location
    Fajardo, PR
  • Print_ISBN
    978-1-4799-7328-6
  • Type

    conf

  • DOI
    10.1109/MALWARE.2014.6999402
  • Filename
    6999402
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=1785260