Title :
A simple client-side defense against environment-dependent web-based malware
Author :
Gen Lu ; Chadha, Kriti ; Debray, Saumya
Author_Institution :
Dept. of Comput. Sci., Univ. of Arizona, Tucson, AZ, USA
Abstract :
Web-based malware tends to be environment-dependent, which poses a significant challenge for defending against web-based attacks, because the malicious code - which may be exposed and activated only under specific environmental conditions such as the version of the browser - may not be triggered during analysis. This paper proposes a simple approach for defending against environment-dependent malware. Instead of increasing analysis coverage in the detector, the goal of this technique is to ensure that the client will take the same execution path as the one examined by the detector. This technique is designed to work alongside a detector; it can handle cases that existing multi-path exploration techniques are incapable of, and provides an efficient way to identify discrepancies in a JavaScript program's execution behavior in a user's environment compared to its behavior in a sandboxed detector, thereby detecting false negatives that may have been caused by environment dependencies. Experiments show that this technique can effectively detect environment-dependent behavior discrepancies of various forms, including those seen in real malware.
Keywords :
Java; client-server systems; invasive software; JavaScript program execution behavior; Web-based attacks; client-side defense; environment dependency; environment-dependent Web-based malware; environment-dependent behavior discrepancy; environmental conditions; execution path; malicious code; multipath exploration techniques; sandboxed detector; user environment; Browsers; Detectors; Heuristic algorithms; Malware; Runtime; Vectors; Web pages;
Conference_Title :
Malicious and Unwanted Software: "The Americas" (MALWARE), 2013 8th International Conference on
Conference_Location :
Fajardo, PR
Print_ISBN :
978-1-4799-2534-6
DOI :
10.1109/MALWARE.2013.6703694