Sciweavers

Share
WWW
2010
ACM

Detection and analysis of drive-by-download attacks and malicious JavaScript code

11 years 6 months ago
Detection and analysis of drive-by-download attacks and malicious JavaScript code
JavaScript is a browser scripting language that allows developers to create sophisticated client-side interfaces for web applications. However, JavaScript code is also used to carry out attacks against the user’s browser and its extensions. These attacks usually result in the download of additional malware that takes complete control of the victim’s platform, and are, therefore, called “drive-by downloads.” Unfortunately, the dynamic nature of the JavaScript language and its tight integration with the browser make it difficult to detect and block malicious JavaScript code. This paper presents a novel approach to the detection and analysis of malicious JavaScript code. Our approach combines anomaly detection with emulation to automatically identify malicious JavaScript code and to support its analysis. We developed a system that uses a number of features and machine-learning techniques to establish the characteristics of normal JavaScript code. Then, during detection, the syst...
Marco Cova, Christopher Krügel, Giovanni Vign
Added 14 May 2010
Updated 14 May 2010
Type Conference
Year 2010
Where WWW
Authors Marco Cova, Christopher Krügel, Giovanni Vigna
Comments (0)
books