Detection of Malicious Web Pages Using System Calls Sequences

Abstract: Web sites are often used to spread malware; an increasing number of attacks are performed by delivering malicious code in web pages: drive-by download, malvertisement, rogueware, and phishing are just the most common examples. In this scenario, JavaScript plays an important role, as it allows code to be inserted into the web page and executed on the client machine, letting the attacker perform a plethora of actions that are necessary to successfully accomplish an attack. Existing techniques for detecting malicious JavaScript suffer from limitations such as recognizing only known attacks, being tailored only to specific attacks, or being ineffective when attackers implement appropriate evasion techniques. In this paper we propose to use system calls to detect malicious JavaScript. The main advantage is that capturing the system calls allows a description of the attack at a very high level of abstraction. On the one hand, this limits the evasion techniques which could succeed, and, on the other hand, it produces a very high detection accuracy (96%), as experimentation demonstrated.
Document type:
Conference paper
Stephanie Teufel; Tjoa A Min; Ilsun You; Edgar Weippl. International Cross-Domain Conference and Workshop on Availability, Reliability, and Security (CD-ARES), Sep 2014, Fribourg, Switzerland. Springer, Lecture Notes in Computer Science, LNCS-8708, pp.226-238, 2014, Availability, Reliability, and Security in Information Systems. 〈10.1007/978-3-319-10975-6_17〉
Cited literature [26 references]

https://hal.inria.fr/hal-01403998
Contributor: Hal Ifip
Submitted on: Monday, November 28, 2016 - 11:27:01
Last modified on: Monday, November 28, 2016 - 11:36:26

File

978-3-319-10975-6_17_Chapter.p...
Files produced by the author(s)

License

Distributed under a Creative Commons Attribution 4.0 International License

Citation

Gerardo Canfora, Eric Medvet, Francesco Mercaldo, Corrado Visaggio. Detection of Malicious Web Pages Using System Calls Sequences. Stephanie Teufel; Tjoa A Min; Ilsun You; Edgar Weippl. International Cross-Domain Conference and Workshop on Availability, Reliability, and Security (CD-ARES), Sep 2014, Fribourg, Switzerland. Springer, Lecture Notes in Computer Science, LNCS-8708, pp.226-238, 2014, Availability, Reliability, and Security in Information Systems. 〈10.1007/978-3-319-10975-6_17〉. 〈hal-01403998〉

Metrics

Record views: 32

File downloads: 40