IEEE Transactions on Software Engineering - Special issue on computer security and privacy
Mimicry attacks on host-based intrusion detection systems
Proceedings of the 9th ACM conference on Computer and communications security
Anomaly detection of web-based attacks
Proceedings of the 10th ACM conference on Computer and communications security
Snort - Lightweight Intrusion Detection for Networks
LISA '99 Proceedings of the 13th USENIX conference on System administration
Exploring Multiple Execution Paths for Malware Analysis
SP '07 Proceedings of the 2007 IEEE Symposium on Security and Privacy
The ghost in the browser analysis of web-based malware
HotBots'07 Proceedings of the first conference on First Workshop on Hot Topics in Understanding Botnets
SpyProxy: execution-based detection of malicious web content
SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
Ghost turns zombie: exploring the life cycle of web-based malware
LEET'08 Proceedings of the 1st Usenix Workshop on Large-Scale Exploits and Emergent Threats
Engineering heap overflow exploits with JavaScript
WOOT'08 Proceedings of the 2nd conference on USENIX Workshop on offensive technologies
SS'08 Proceedings of the 17th conference on Security symposium
A multi-model approach to the detection of web-based attacks
Computer Networks: The International Journal of Computer and Telecommunications Networking - Web security
A forced sampled execution approach to kernel rootkit identification
RAID'07 Proceedings of the 10th international conference on Recent advances in intrusion detection
PhoneyC: a virtual client honeypot
LEET'09 Proceedings of the 2nd USENIX conference on Large-scale exploits and emergent threats: botnets, spyware, worms, and more
NOZZLE: a defense against heap-spraying code injection attacks
SSYM'09 Proceedings of the 18th conference on USENIX security symposium
Cujo: efficient detection and prevention of drive-by-download attacks
Proceedings of the 26th Annual Computer Security Applications Conference
Scalable web object inspection and malfease collection
HotSec'10 Proceedings of the 5th USENIX conference on Hot topics in security
Flexible in-lined reference monitor certification: challenges and future directions
Proceedings of the 5th ACM workshop on Programming languages meets program verification
AdJail: practical enforcement of confidentiality and integrity policies on web advertisements
USENIX Security'10 Proceedings of the 19th USENIX conference on Security
Towards revealing JavaScript program intents using abstract interpretation
Proceedings of the Sixth Asian Internet Engineering Conference
ARROW: GenerAting SignatuRes to Detect DRive-By DOWnloads
Proceedings of the 20th international conference on World wide web
Prophiler: a fast filter for the large-scale detection of malicious web pages
Proceedings of the 20th international conference on World wide web
WebPatrol: automated collection and replay of web-based malware scenarios
Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security
Combining static and dynamic analysis for the detection of malicious documents
Proceedings of the Fourth European Workshop on System Security
HARMUR: storing and analyzing historic data on malicious domains
Proceedings of the First Workshop on Building Analysis Datasets and Gathering Experience Returns for Security
Escape from monkey island: evading high-interaction honeyclients
DIMVA'11 Proceedings of the 8th international conference on Detection of intrusions and malware, and vulnerability assessment
ZOZZLE: fast and precise in-browser JavaScript malware detection
SEC'11 Proceedings of the 20th USENIX conference on Security
SHELLOS: enabling fast detection and forensic analysis of code injection attacks
SEC'11 Proceedings of the 20th USENIX conference on Security
Atlantis: robust, extensible execution environments for web applications
SOSP '11 Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles
ZDVUE: prioritization of javascript attacks to discover new vulnerabilities
Proceedings of the 4th ACM workshop on Security and artificial intelligence
Artificial intelligence and the future of cybersecurity
Proceedings of the 4th ACM workshop on Security and artificial intelligence
ToMaTo: a trustworthy code mashup development tool
Proceedings of the 5th International Workshop on Web APIs and Service Mashups
Static detection of malicious JavaScript-bearing PDF documents
Proceedings of the 27th Annual Computer Security Applications Conference
Proceedings of the 2011 ACM Symposium on Research in Applied Computation
Symbolic finite state transducers: algorithms and applications
POPL '12 Proceedings of the 39th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Finding non-trivial malware naming inconsistencies
ICISS'11 Proceedings of the 7th international conference on Information Systems Security
Shellzer: a tool for the dynamic analysis of malicious shellcode
RAID'11 Proceedings of the 14th international conference on Recent Advances in Intrusion Detection
IceShield: detection and mitigation of malicious websites with a frozen DOM
RAID'11 Proceedings of the 14th international conference on Recent Advances in Intrusion Detection
Malware characteristics and threats on the internet ecosystem
Journal of Systems and Software
PKI as part of an integrated risk management strategy for web security
EuroPKI'11 Proceedings of the 8th European conference on Public Key Infrastructures, Services, and Applications
Holography: a behavior-based profiler for malware analysis
Software—Practice & Experience
Tracking the trackers: fast and scalable dynamic analysis of web content for privacy violations
ACNS'12 Proceedings of the 10th international conference on Applied Cryptography and Network Security
A pattern recognition system for malicious PDF files detection
MLDM'12 Proceedings of the 8th international conference on Machine Learning and Data Mining in Pattern Recognition
Analysis and detection of web spam by means of web content
IRFC'12 Proceedings of the 5th conference on Multidisciplinary Information Retrieval
Early detection of malicious behavior in JavaScript code
Proceedings of the 5th ACM workshop on Security and artificial intelligence
Autonomous learning for detection of JavaScript attacks: vision or reality?
Proceedings of the 5th ACM workshop on Security and artificial intelligence
An approach for identifying JavaScript-loaded advertisements through static program analysis
Proceedings of the 2012 ACM workshop on Privacy in the electronic society
Knowing your enemy: understanding and detecting malicious web advertising
Proceedings of the 2012 ACM conference on Computer and communications security
Manufacturing compromise: the emergence of exploit-as-a-service
Proceedings of the 2012 ACM conference on Computer and communications security
A practical approach on clustering malicious PDF documents
Journal in Computer Virology
RAID'12 Proceedings of the 15th international conference on Research in Attacks, Intrusions, and Defenses
FlashDetect: actionscript 3 malware detection
RAID'12 Proceedings of the 15th international conference on Research in Attacks, Intrusions, and Defenses
Beyond the blacklist: modeling malware spread and the effect of interventions
Proceedings of the 2012 workshop on New security paradigms
Using memory management to detect and extract illegitimate code for malware analysis
Proceedings of the 28th Annual Computer Security Applications Conference
Down to the bare metal: using processor features for binary analysis
Proceedings of the 28th Annual Computer Security Applications Conference
Malicious PDF detection using metadata and structural features
Proceedings of the 28th Annual Computer Security Applications Conference
Jarhead analysis and detection of malicious Java applets
Proceedings of the 28th Annual Computer Security Applications Conference
JStill: mostly static detection of obfuscated malicious JavaScript code
Proceedings of the third ACM conference on Data and application security and privacy
Cross-layer detection of malicious websites
Proceedings of the third ACM conference on Data and application security and privacy
A measurement study of insecure javascript practices on the web
ACM Transactions on the Web (TWEB)
Identification of potential malicious web pages
AISC '11 Proceedings of the Ninth Australasian Information Security Conference - Volume 116
Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security
Effective analysis, characterization, and detection of malicious web pages
Proceedings of the 22nd international conference on World Wide Web companion
Extracting URLs from JavaScript via program analysis
Proceedings of the 2013 9th Joint Meeting on Foundations of Software Engineering
Measurement and understanding of cyberlocker URL-sharing sites: focus on movie files
Proceedings of the 2013 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining
Analyzing and defending against web-based malware
ACM Computing Surveys (CSUR)
Shady paths: leveraging surfing crowds to detect malicious web pages
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Delta: automatic identification of unknown web-based infection campaigns
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
A close look on n-grams in intrusion detection: anomaly detection vs. classification
Proceedings of the 2013 ACM workshop on Artificial intelligence and security
Anatomy of drive-by download attack
AISC '13 Proceedings of the Eleventh Australasian Information Security Conference - Volume 138
SAAD, a content based Web Spam Analyzer and Detector
Journal of Systems and Software
Driving in the cloud: an analysis of drive-by download operations and abuse reporting
DIMVA'13 Proceedings of the 10th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Weaknesses in defenses against web-borne malware
DIMVA'13 Proceedings of the 10th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Revolver: an automated approach to the detection of evasiveweb-based malware
SEC'13 Proceedings of the 22nd USENIX conference on Security
Using clone detection to find malware in acrobat files
CASCON '13 Proceedings of the 2013 Conference of the Center for Advanced Studies on Collaborative Research
WebWinnow: leveraging exploit kit workflows to detect malicious urls
Proceedings of the 4th ACM conference on Data and application security and privacy
Efficient and effective realtime prediction of drive-by download attacks
Journal of Network and Computer Applications
Stranger danger: exploring the ecosystem of ad-based URL shortening services
Proceedings of the 23rd international conference on World wide web
Hi-index | 0.00 |
JavaScript is a browser scripting language that allows developers to create sophisticated client-side interfaces for web applications. However, JavaScript code is also used to carry out attacks against the user's browser and its extensions. These attacks usually result in the download of additional malware that takes complete control of the victim's platform, and are, therefore, called "drive-by downloads." Unfortunately, the dynamic nature of the JavaScript language and its tight integration with the browser make it difficult to detect and block malicious JavaScript code. This paper presents a novel approach to the detection and analysis of malicious JavaScript code. Our approach combines anomaly detection with emulation to automatically identify malicious JavaScript code and to support its analysis. We developed a system that uses a number of features and machine-learning techniques to establish the characteristics of normal JavaScript code. Then, during detection, the system is able to identify anomalous JavaScript code by emulating its behavior and comparing it to the established profiles. In addition to identifying malicious code, the system is able to support the analysis of obfuscated code and to generate detection signatures for signature-based systems. The system has been made publicly available and has been used by thousands of analysts.