Scalable web object inspection and malfease collection

Authors:
Charalampos Andrianakis;Paul Seymer;Angelos Stavrou
Affiliations:
Center for Secure Information Systems, George Mason University, Fairfax, VA;Center for Secure Information Systems, George Mason University, Fairfax, VA;Center for Secure Information Systems, George Mason University, Fairfax, VA
Venue:
HotSec'10 Proceedings of the 5th USENIX conference on Hot topics in security
Year:
2010

Citing 12
Cited 1

Wine

Linux Journal
Virtualizing I/O Devices on VMware Workstation's Hosted Virtual Machine Monitor

Proceedings of the General Track: 2002 USENIX Annual Technical Conference
Pin: building customized program analysis tools with dynamic instrumentation

Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation
QEMU, a fast and portable dynamic translator

ATEC '05 Proceedings of the annual conference on USENIX Annual Technical Conference
SuperPin: Parallelizing Dynamic Instrumentation for Real-Time Performance

Proceedings of the International Symposium on Code Generation and Optimization
The ghost in the browser analysis of web-based malware

HotBots'07 Proceedings of the first conference on First Workshop on Hot Topics in Understanding Botnets
VirtualBox: bits and bytes masquerading as machines

Linux Journal
Ghost turns zombie: exploring the life cycle of web-based malware

LEET'08 Proceedings of the 1st Usenix Workshop on Large-Scale Exploits and Emergent Threats
All your iFRAMEs point to Us

SS'08 Proceedings of the 17th conference on Security symposium
Defending Browsers against Drive-by Downloads: Mitigating Heap-Spraying Code Injection Attacks

DIMVA '09 Proceedings of the 6th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Detection and analysis of drive-by-download attacks and malicious JavaScript code

Proceedings of the 19th international conference on World wide web
NOZZLE: a defense against heap-spraying code injection attacks

SSYM'09 Proceedings of the 18th conference on USENIX security symposium

Malicious PDF detection using metadata and structural features

Proceedings of the 28th Annual Computer Security Applications Conference

Quantified Score

Hi-index	0.00

Visualization

Abstract

Internet drive-by downloads attacks are the preferred vehicle to infect desktop computers. In this paper, we propose a new URL analysis framework that combines lightweight virtualization and novel modifications to the WINE engine to detect heap spray attacks against applications. In addition, we are able to extract the attack shellcode used to further download other malicious binaries to the victim machine. Our preliminary results indicate that our system offers a compelling alternative to other process monitoring and virtualization technologies including QEMU and VMware since it can scale to thousands of instances per machine.