Abstract
Drive-by-download attacks create major threats on web infrastructure. These attacks happen when a user visits a malicious website which downloads and executes malware in user’s computer by exploiting the vulnerabilities in web browsers or web plug-ins. After such attacks, attacker can obtain complete access of the system. In this paper, we design and implement a solution for drive-by-download attacks called BrowserGuard2. Its behaviour is based run-time solution; hence it does not analyse webpage source code or script code. It does not take website ranking into consideration and does not maintain exploit code sample. BrowserGuard2 analyses download process of a file being downloaded and based on the results after analysing it successfully blocks malware execution. Based on experimental results it was observed that, BrowserGuard2 has zero false negatives and false positives for websites visited with low overhead.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Fu-Hau Hsu, Chang-Kuo Tso, Yi-Chun Yeh, Wei-Jen Wang, and Li-Han Chen, “BrowserGuard- a behaviour-based solution to Drive-by-Download attacks,” in IEEE Journal on Selected Areas in Communications (vol: 29, issue: 7), 2011, pp. 1461–1468.
“Microsoft Security Research & Defense,” [Online]. Available: https://blogs.technet.com/srd/archive/2008/02/06/The-Kill_2D00_BitFAQ_3A00_-Part-1-of-3.aspx.
F.-H. Hsu, C.-H. Huang, C.-H. Hsu, C.-W. Ou, L.-H. Chen, and P.-C. Chiu, “HSP: A solution against heap sprays,” Journal of Systems and Software, vol. 83, 2010, pp. 2227–2236.
P. Ratanaworabhan, B. Livshits, and B. Zorn, “NOZZLE: a defense against heap-spraying code injection attacks,” in Proc. 18th conference on USENIX security symposium. USENIX Association, 2009, pp. 169–186.
M. Egele, P. Wurzinger, C. Kruegel, and E. Kirda, “Defending browsers against drive-by downloads: Mitigating heap-spraying code injection attacks,” in Proc. 6th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, ser. DIMVA’09. Springer-Verlag, 2009, pp. 88–106.
L. Lu, V. Yegneswaran, P. Porras, and W. Lee, “BLADE: an attack-agnostic approach for preventing drive-by malware infections,” in Proc. 17th ACM conference on Computer and communications security, ser. CCS’10. ACM, 2010, pp. 440–450.
F. Gadaleta, Y. Younan, and W. Joosen, “Bubble: A javascript engine level countermeasure against heap-spraying attacks,” in Engineering Secure Software and Systems, ser. Lecture Notes in Computer Science, vol. 5965. Springer, 2010, pp. 1–17.
M. Cova, C. Kruegel, and G. Vigna, “Detection and analysis of driveby download attacks and malicious javascript code,” in Proc. 19th international conference on World Wide Web, ser. WWW’10. ACM, 2010, pp. 281–290.
C. Song, J. Zhuge, X. Han, and Z. Ye, “Preventing drive-by download via inter-module communication monitoring,” in Proc. 5th ACM Symposium on Information, Computer and Communications Security, ser. ASIACCS’10. ACM, 2010, pp. 124–134.
Y. Cao, X. Pan, Y. Chen, J. Zhuge, “Jshield: towards real-time and vulnerability-based detection of polluted drive-by download attacks”, Proceedings of the 30th Annual Computer Security Applications Conference, pp. 466–475, 2014.
D. Harley and P.-M. Bureau, “Drive-by downloads from the trenches,” in Malicious and Unwanted Software, 2008. MALWARE 2008. 3rd International Conference on, 2008, pp. 98–103.
An Zhiyuan and Liu Haiyan, “Realization of buffer overflow,” in Information Technology and Applications (IFITA), 2010 International Forum on, 2010, pp. 347–349.
D. Esposito, “Browser Helper Objects: The Browser the WayYouWantIt.” [Online]. Available: https://msdn.microsoft.com/enus/library/bb250436(v=vs.85).aspx.
Alex Abramov, “API Hooking with MS Detours” [Online]. Available: https://www.codeproject.com/Articles/30140/API-Hooking-with-MS-Detours.
“Detours Framework.” [Online]. Available: https://www.microsoft.com/enus/research/project/detours/.
“Alexa Internet.” [Online]. Available: https://www.alexa.com.
“Metasploit Framework.” [Online]. Available: https://www.metasploit.com.
“Microsoft Security Bulletins” [Online]. Available: https://technet.microsoft.com/enus/library/security/dn631937.aspx.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Joshi, G., Padmavathy, R., Pinapati, A., Kumar, M.B. (2019). BrowserGuard2: A Solution for Drive-by-Download Attacks. In: Nath, V., Mandal, J. (eds) Proceeding of the Second International Conference on Microelectronics, Computing & Communication Systems (MCCS 2017). Lecture Notes in Electrical Engineering, vol 476. Springer, Singapore. https://doi.org/10.1007/978-981-10-8234-4_59
Download citation
DOI: https://doi.org/10.1007/978-981-10-8234-4_59
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-10-8233-7
Online ISBN: 978-981-10-8234-4
eBook Packages: EngineeringEngineering (R0)