Abstract
Along with an increasing user population of various web applications, browser-based drive-by-download attacks soon become one of the most common security threats to the cyber community. A user using a vulnerable browser or browser plug-ins may become a victim of a drive-by-download attack right after visiting a vicious web site. The end result of such attacks is that an attacker can download and execute any code on the victim's host. This paper proposes a runtime, behavior-based solution, BrowserGuard, to protect a browser against drive-by-download attacks. BrowserGuard records the download scenario of every file that is loaded into a host through a browser. Then based on the download scenario, BrowserGuard blocks the execution of any file that is loaded into a host without the consent of a browser user. Due to its behavior-based detection nature, BrowserGuard does not need to analyze the source file of any web page or the run-time states of any script code, such as Javascript. BrowserGuard also does not need to maintain any exploit code samples and does not need to query the reputation value of any web site. We utilize the standard BHO mechanism of Windows to implement BrowserGuard on IE 7.0. Experimental results show that BrowserGuard has low performance overhead (less than 2.5%) and no false positives and false negatives for the web pages used in our experiments.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.