A simple client-side defense against environment-dependent web-based malware

Gen Lu, Karan Chadha, Saumya Debray

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Web-based malware tend to be environment-dependent, which poses a significant challenge on defending web-based attacks, because the malicious code - which may be exposed and activated only under specific environmental conditions such as the version of the browser - may not be triggered during analysis. This paper proposes a simple approach for defending environment-dependent malware. Instead of increasing analysis coverage in detector, the goal of this technique is to ensure that the client will take the same execution path as the one examined by the detector. This technique is designed to work alongside a detector, it can handle cases existing multi-path exploration techniques are incapable of, and provides an efficient way to identify discrepancies in a JavaScript program's execution behavior in a user's environment compared to its behavior in a sandboxed detector, thereby detecting false negatives that may have been caused by environment dependencies. Experiment shows that this technique can effectively detect environment- dependent behavior discrepancy of various forms, including those seen in real malware.

Original languageEnglish (US)
Title of host publicationProceedings of the 2013 8th International Conference on Malicious and Unwanted Software
Subtitle of host publication"The Americas", MALWARE 2013
PublisherIEEE Computer Society
Pages124-131
Number of pages8
ISBN (Print)9781479925339
DOIs
StatePublished - 2013
Event2013 8th International Conference on Malicious and Unwanted Software: "The Americas", MALWARE 2013 - Fajardo, PR, United States
Duration: Oct 22 2013Oct 24 2013

Publication series

NameProceedings of the 2013 8th International Conference on Malicious and Unwanted Software: "The Americas", MALWARE 2013

Other

Other2013 8th International Conference on Malicious and Unwanted Software: "The Americas", MALWARE 2013
CountryUnited States
CityFajardo, PR
Period10/22/1310/24/13

ASJC Scopus subject areas

  • Software

Fingerprint Dive into the research topics of 'A simple client-side defense against environment-dependent web-based malware'. Together they form a unique fingerprint.

  • Cite this

    Lu, G., Chadha, K., & Debray, S. (2013). A simple client-side defense against environment-dependent web-based malware. In Proceedings of the 2013 8th International Conference on Malicious and Unwanted Software: "The Americas", MALWARE 2013 (pp. 124-131). [6703694] (Proceedings of the 2013 8th International Conference on Malicious and Unwanted Software: "The Americas", MALWARE 2013). IEEE Computer Society. https://doi.org/10.1109/MALWARE.2013.6703694