Throwing a MonkeyWrench into Web Attackers Plans

Abstract : Client-based attacks on internet users with malicious web pages represent a serious and rising threat. Internet Browsers with enabled active content technologies such as JavaScript are vulnerable to so-called drive-by downloads. Drive-by downloads are able to automatically infect a victim's system during a single visit of a crafted web page testing various vulnerabilities and installing e.g. malware files or illegal content without user interaction. In this paper we present MonkeyWrench, a low-interaction web-honeyclient allowing automatic identification of malicious web pages by performing static analysis of the HTML-objects in a web page as well as dynamic analysis of scripts by execution in an emulated browser environment. Using this hybrid approach MonkeyWrench overcomes shortcomings of existing low-interaction web-honeyclients in dealing with obfuscated JavaScript while outperforming high-interaction systems. Further MonkeyWrench is able to identify the exact vulnerability triggered by a malicious page and to extract payloads from within obfuscated scripts which are valuable information to security analysts and researchers. Results of an examination of several hundred thousand web pages demonstrate MonkeyWrench's ability to expose rising threats of the web, and to collect malware and JavaScript exploit samples.
Type de document :
Communication dans un congrès
Bart Decker; Ingrid Schaumüller-Bichl. 11th IFIP TC 6/TC 11 International Conference on Communications and Multimedia Security (CMS), May 2010, Linz, Austria. Springer, Lecture Notes in Computer Science, LNCS-6109, pp.28-39, 2010, Communications and Multimedia Security. 〈10.1007/978-3-642-13241-4_4〉
Liste complète des métadonnées

Littérature citée [5 références]  Voir  Masquer  Télécharger

https://hal.inria.fr/hal-01056370
Contributeur : Hal Ifip <>
Soumis le : lundi 18 août 2014 - 18:15:15
Dernière modification le : vendredi 11 août 2017 - 15:29:35
Document(s) archivé(s) le : jeudi 27 novembre 2014 - 05:32:23

Fichier

cms2010_submission_14.pdf
Fichiers produits par l'(les) auteur(s)

Licence


Distributed under a Creative Commons Paternité 4.0 International License

Identifiants

Citation

Armin Büscher, Michael Meier, Ralf Benzmüller. Throwing a MonkeyWrench into Web Attackers Plans. Bart Decker; Ingrid Schaumüller-Bichl. 11th IFIP TC 6/TC 11 International Conference on Communications and Multimedia Security (CMS), May 2010, Linz, Austria. Springer, Lecture Notes in Computer Science, LNCS-6109, pp.28-39, 2010, Communications and Multimedia Security. 〈10.1007/978-3-642-13241-4_4〉. 〈hal-01056370〉

Partager

Métriques

Consultations de la notice

309

Téléchargements de fichiers

229