论文信息 - ADSandbox: sandboxing JavaScript to fight malicious websites

ADSandbox: sandboxing JavaScript to fight malicious websites

We present ADSandbox, an analysis system for malicious websites that focusses on detecting attacks through JavaScript. Since, in contrast to Java, JavaScript does not have any built-in sandbox concept, the idea is to execute any embedded JavaScript within an isolated environment and log every critical action. Using heuristics on these logs, ADSandbox decides whether the site is malicious or not. In contrast to previous work, this approach combines generality with usability, since the system is executed directly on the client running the web browser before the web page is displayed. We show that we can achieve false positive rates close to 0% and false negative rates below 15% with a performance overhead of only a few seconds, what is a bit high for real time application, but supposes a great potential for future versions of our tool.

Andreas Dewald | Felix C. Freiling | Thorsten Holz

[1] Christopher Krügel,et al. Polymorphic Worm Detection Using Structural Information of Executables , 2005, RAID.

[2] Xuxian Jiang,et al. Automated Web Patrol with Strider HoneyMonkeys: Finding Web Sites That Exploit Browser Vulnerabilities , 2006, NDSS.

[3] Helen J. Wang,et al. Strider: a black-box, state-based approach to change and configuration management and support , 2003, Sci. Comput. Program..

[4] James Newsome,et al. Dynamic Taint Analysis for Automatic Detection, Analysis, and SignatureGeneration of Exploits on Commodity Software , 2005, NDSS.

[5] Evangelos P. Markatos,et al. STRIDE: Polymorphic Sled Detection through Instruction Sequence Analysis , 2005, SEC.

[6] Benjamin Livshits,et al. NOZZLE: A Defense Against Heap-spraying Code Injection Attacks , 2009, USENIX Security Symposium.

[7] Christopher Krügel,et al. Defending Browsers against Drive-by Downloads: Mitigating Heap-Spraying Code Injection Attacks , 2009, DIMVA.

[8] Benjamin Livshits,et al. Spectator: Detection and Containment of JavaScript Worms , 2008, USENIX Annual Technical Conference.

[9] Steven D. Gribble,et al. A safety-oriented platform for Web applications , 2006, 2006 IEEE Symposium on Security and Privacy (S&P'06).