This paper explores the use of execution-based Web content analysis to protect users from Internet-borne malware. Many anti-malware tools use signatures to identify malware infections on a user's PC. In contrast, our approach is to render and observe active Web content in a disposable virtual machine before it reaches the user's browser, identifying and blocking pages whose behavior is suspicious. Execution-based analysis can defend against undiscovered threats and zero-day attacks. However, our approach faces challenges, such as achieving good interactive performance, and limitations, such as defending against malicious Web content that contains non-determinism. To evaluate the potential for our execution-based technique, we designed, implemented, and measured a new proxy-based anti-malware tool called SpyProxy. SpyProxy intercepts and evaluates Web content in transit from Web servers to the browser. We present the architecture and design of our SpyProxy prototype, focusing in particular on the optimizations we developed to make on-the-fly execution-based analysis practical. We demonstrate that with careful attention to design, an execution-based proxy such as ours can be effective at detecting and blocking many of today's attacks while adding only small amounts of latency to the browsing experience. Our evaluation shows that SpyProxy detected every malware threat to which it was exposed, while adding only 600 milliseconds of latency to the start of page rendering for typical content.