  • DocumentCode
    3478065
  • Title
    Detecting Code Injection Attacks in Internet Explorer
  • Author
    Anderson, Blake ; Quist, Daniel ; Lane, Terran
  • Author_Institution
    Los Alamos Nat. Lab., Los Alamos, NM, USA
  • fYear
    2011
  • fDate
    18-22 July 2011
  • Firstpage
    90
  • Lastpage
    95
  • Abstract
    Code injection vulnerabilities are a major threat to Internet security. The ability for a malicious website to install malware on a host using these vulnerabilities without its knowledge is particularly menacing. In this paper, we approach this problem from a new perspective by constructing a Markov chain graph from the system calls Internet Explorer executes and then modeling this graph over time. We apply a Gaussian process change-point algorithm to detect code injection attacks. To show the efficacy of this approach, we collect a novel dataset of system call traces of 6 code injection attacks using 3 distinct exploits against the Internet Explorer browser. Our algorithm was able to detect all of the code injection attacks with a limited number of false positives.
  • Keywords
    Gaussian processes; Markov processes; invasive software; online front-ends; Gaussian process change-point algorithm; Internet Explorer; Internet security; Markov chain graph; code injection attack detection; code injection vulnerability; malicious Web site; malware; Browsers; Detection algorithms; Gaussian processes; Internet; Kernel; Markov processes; Virtual machining; Code Injection; Graph Kernels; Malware Detection; Support Vector Machines;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Computer Software and Applications Conference Workshops (COMPSACW), 2011 IEEE 35th Annual
  • Conference_Location
    Munich
  • Print_ISBN
    978-1-4577-0980-7
  • Electronic_ISBN
    978-0-7695-4459-5
  • Type
    conf
  • DOI
    10.1109/COMPSACW.2011.25
  • Filename
    6032219