BrowserGuard: A behavior-based solution to drive-by-download attacks

Fu Hau Hsu, Chang Kuo Tso, Yi Chun Yeh, Wei Jen Wang, Li Han Chen

研究成果: 雜誌貢獻期刊論文同行評審

24 引文 斯高帕斯(Scopus)

摘要

Along with an increasing user population of various web applications, browser-based drive-by-download attacks soon become one of the most common security threats to the cyber community. A user using a vulnerable browser or browser plug-ins may become a victim of a drive-by-download attack right after visiting a vicious web site. The end result of such attacks is that an attacker can download and execute any code on the victim's host. This paper proposes a runtime, behavior-based solution, BrowserGuard, to protect a browser against drive-by-download attacks. BrowserGuard records the download scenario of every file that is loaded into a host through a browser. Then based on the download scenario, BrowserGuard blocks the execution of any file that is loaded into a host without the consent of a browser user. Due to its behavior-based detection nature, BrowserGuard does not need to analyze the source file of any web page or the run-time states of any script code, such as Javascript. BrowserGuard also does not need to maintain any exploit code samples and does not need to query the reputation value of any web site. We utilize the standard BHO mechanism of Windows to implement BrowserGuard on IE 7.0. Experimental results show that BrowserGuard has low performance overhead (less than 2.5%) and no false positives and false negatives for the web pages used in our experiments.

原文???core.languages.en_GB???
文章編號5963164
頁(從 - 到)1461-1468
頁數8
期刊IEEE Journal on Selected Areas in Communications
29
發行號7
DOIs
出版狀態已出版 - 8月 2011

指紋

深入研究「BrowserGuard: A behavior-based solution to drive-by-download attacks」主題。共同形成了獨特的指紋。

引用此