论文信息 - Static code analysis and detection of multiple malicious Java applets using SVM

Static code analysis and detection of multiple malicious Java applets using SVM

An applet that performs an action against the will of the user who invoked it should be considered malicious. A malicious applet is applet that attacks the local system of a Web surfer. They can even seriously damage a Java user's machine. The problem of malicious Java applets, that is currently not well addressed by existing work. We have developed a tool for malicious Java applets, which we call Jarhead. The approach is based on static code analysis. The approach extracts features from Java applets, and uses machine learning technique called support vector machine(SVM) to produce a tool. This approach is able to detect both known and previously-unseen real-world malicious applets.

Tareek M. Pattewar | Sapana Y. Salunkhe

[1] Martin Roesch,et al. Snort - Lightweight Intrusion Detection for Networks , 1999 .

[2] Christopher Krügel,et al. Analyzing and Detecting Malicious Flash Advertisements , 2009, 2009 Annual Computer Security Applications Conference.

[3] Saumya K. Debray,et al. Obfuscation of executable code to improve resistance to static disassembly , 2003, CCS '03.

[4] Christopher Krügel,et al. Jarhead analysis and detection of malicious Java applets , 2012, ACSAC '12.

[5] Omer F. Rana,et al. Honeyware: A Web-Based Low Interaction Client Honeypot , 2010, 2010 Third International Conference on Software Testing, Verification, and Validation Workshops.

[6] Jose Nazario,et al. PhoneyC: A Virtual Client Honeypot , 2009, LEET.

[7] Ian Welch,et al. Identification of malicious web pages through analysis of underlying DNS and web server relationships , 2008, 2008 33rd IEEE Conference on Local Computer Networks (LCN).

[8] Niels Provos,et al. The Ghost in the Browser: Analysis of Web-based Malware , 2007, HotBots.

[9] Christopher Krügel,et al. Detection and analysis of drive-by-download attacks and malicious JavaScript code , 2010, WWW '10.

[10] Christopher Krügel,et al. Defending Browsers against Drive-by Downloads: Mitigating Heap-Spraying Code Injection Attacks , 2009, DIMVA.