The nature of statistical learning theory
The nature of statistical learning theory
Machine Learning
An introduction to support Vector Machines: and other kernel-based learning methods
An introduction to support Vector Machines: and other kernel-based learning methods
Linear-Time Computation of Similarity Measures for Sequential Data
The Journal of Machine Learning Research
LIBLINEAR: A Library for Large Linear Classification
The Journal of Machine Learning Research
SS'08 Proceedings of the 17th conference on Security symposium
Defending Browsers against Drive-by Downloads: Mitigating Heap-Spraying Code Injection Attacks
DIMVA '09 Proceedings of the 6th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Detection and analysis of drive-by-download attacks and malicious JavaScript code
Proceedings of the 19th international conference on World wide web
PhoneyC: a virtual client honeypot
LEET'09 Proceedings of the 2nd USENIX conference on Large-scale exploits and emergent threats: botnets, spyware, worms, and more
NOZZLE: a defense against heap-spraying code injection attacks
SSYM'09 Proceedings of the 18th conference on USENIX security symposium
BLADE: an attack-agnostic approach for preventing drive-by malware infections
Proceedings of the 17th ACM conference on Computer and communications security
Cujo: efficient detection and prevention of drive-by-download attacks
Proceedings of the 26th Annual Computer Security Applications Conference
Prophiler: a fast filter for the large-scale detection of malicious web pages
Proceedings of the 20th international conference on World wide web
ZOZZLE: fast and precise in-browser JavaScript malware detection
SEC'11 Proceedings of the 20th USENIX conference on Security
ZDVUE: prioritization of javascript attacks to discover new vulnerabilities
Proceedings of the 4th ACM workshop on Security and artificial intelligence
Throwing a monkeywrench into web attackers plans
CMS'10 Proceedings of the 11th IFIP TC 6/TC 11 international conference on Communications and Multimedia Security
IceShield: detection and mitigation of malicious websites with a frozen DOM
RAID'11 Proceedings of the 14th international conference on Recent Advances in Intrusion Detection
An introduction to kernel-based learning algorithms
IEEE Transactions on Neural Networks
Review: Classification of malware based on integrated static and dynamic features
Journal of Network and Computer Applications
| Hi-index | 0.00 |
Malicious JavaScript code is widely used for exploiting vulnerabilities in web browsers and infecting users with malicious software. Static detection methods fail to protect from this threat, as they are unable to cope with the complexity and dynamics of interpreted code. In contrast, the dynamic analysis of JavaScript code at run-time has proven to be effective in identifying malicious behavior. During the execution of the code, however, damage may already take place and thus an early detection is critical for effective protection. In this paper, we introduce EarlyBird: a detection method optimized for early identification of malicious behavior in JavaScript code. The method uses machine learning techniques for jointly optimizing the accuracy and the time of detection. In an evaluation with hundreds of real attacks, EarlyBird precisely identifies malicious behavior while limiting the amount of malicious code that is executed by a factor of 2 (43%) on average.