Interprocedural slicing using dependence graphs
ACM Transactions on Programming Languages and Systems (TOPLAS)
Anomalous intrusion detection system for hostile Java applets
Journal of Systems and Software
Java Virtual Machine Specification
Java Virtual Machine Specification
Obfuscation of executable code to improve resistance to static disassembly
Proceedings of the 10th ACM conference on Computer and communications security
Snort - Lightweight Intrusion Detection for Networks
LISA '99 Proceedings of the 13th USENIX conference on System administration
IEEE Transactions on Software Engineering
The ghost in the browser analysis of web-based malware
HotBots'07 Proceedings of the first conference on First Workshop on Hot Topics in Understanding Botnets
Defending Browsers against Drive-by Downloads: Mitigating Heap-Spraying Code Injection Attacks
DIMVA '09 Proceedings of the 6th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment
The WEKA data mining software: an update
ACM SIGKDD Explorations Newsletter
Analyzing and Detecting Malicious Flash Advertisements
ACSAC '09 Proceedings of the 2009 Annual Computer Security Applications Conference
Detection and analysis of drive-by-download attacks and malicious JavaScript code
Proceedings of the 19th international conference on World wide web
Honeyware: A Web-Based Low Interaction Client Honeypot
ICSTW '10 Proceedings of the 2010 Third International Conference on Software Testing, Verification, and Validation Workshops
PhoneyC: a virtual client honeypot
LEET'09 Proceedings of the 2nd USENIX conference on Large-scale exploits and emergent threats: botnets, spyware, worms, and more
Shellzer: a tool for the dynamic analysis of malicious shellcode
RAID'11 Proceedings of the 14th international conference on Recent Advances in Intrusion Detection
Hi-index | 0.00 |
Java applets have increasingly been used as a vector to deliver drive-by download attacks that bypass the sandboxing mechanisms of the browser's Java Virtual Machine and compromise the user's environment. Unfortunately, the research community has not given to this problem the attention it deserves, and, as a consequence, the state-of-the-art approaches to the detection of malicious Java applets are based either on simple signatures or on the use of honey-clients, which are both easily evaded. Therefore, we propose a novel approach to the detection of malicious Java applets based on static code analysis. Our approach extracts a number of features from Java applets, and then uses supervised machine learning to produce a classifier. We implemented our approach in a tool, called Jarhead, and we tested its effectiveness on a large, real-world dataset. The results of the evaluation show that, given a sufficiently large training dataset, this approach is able to reliably detect both known and previously-unseen real-world malicious applets.