Spectator: Detection and Containment of JavaScript Worms

12 years 3 days ago
Spectator: Detection and Containment of JavaScript Worms
Recent popularity of interactive AJAX-based Web 2.0 applications has given rise to a new breed of security threats: JavaScript worms. In this paper we propose Spectator, the first automatic detection and containment solution for JavaScript worms. Spectator performs distributed data tainting by observing and tagging the traffic between the browser and the Web application. When a piece of data propagates too far, a worm is reported. To prevent worm propagation, subsequent upload attempts performed by the same worm are blocked. Spectator is able to detect fast and slow moving, monomorphic and polymorphic worms with a low rate of false positives. In addition to our detection and containment solution, we propose a range of deployment models for Spectator, ranging from simple intranet-wide deployments to a scalable load-balancing scheme appropriate for large Web sites. In this paper we demonstrate the effectiveness and efficiency of Spectator through both large-scale simulations as well as ...
V. Benjamin Livshits, Weidong Cui
Added 02 Oct 2010
Updated 02 Oct 2010
Type Conference
Year 2008
Authors V. Benjamin Livshits, Weidong Cui
Comments (0)