Presentation is loading. Please wait.

Presentation is loading. Please wait.

Alex Crowell, Rutgers University Computer Science and Mathematics Advisor: Prof. Danfeng Yao, Computer Science Department.

Published byDevon Reese Modified over 10 years ago

Similar presentations

Presentation on theme: "Alex Crowell, Rutgers University Computer Science and Mathematics Advisor: Prof. Danfeng Yao, Computer Science Department."— Presentation transcript:

1 Alex Crowell, Rutgers University Computer Science and Mathematics Advisor: Prof. Danfeng Yao, Computer Science Department

2  drive-by-download - when visiting a URL causes malware to be installed on a computer  This is a ‘pull-based’ attack  Made possible by:  Web server security flaws  Browser security flaws  Social engineering Video taken from: http://www.watchguard.com/education/video/play.asp?vid=dbd-cubecast

3  There are many ways to put a drive-by- download exploit online:  Launch your own website  Break into someone else’s website  Post user contributed content to a website  Use third-party online advertising  Use a third-party widget (i.e. a traffic counter) From: Provos N., McNamee, D., Mavrommatis P., Wang, K., and Modadugu, N. The Ghost in the Browser: Analysis of Web-based Malware. In Proceedings of the first USENIX workshop on hot topics in Botnets (HotBots’07). (April 2007)

4 From: Provos N., Mavrommatis P., Rajab M. A., and Monrose, F. All Your iFRAMEs Point to Us. In Proceedings of the USENIX Security Symposium (July 2008)  Search of pages indexed by Google found over 3 million unique malicious URL s executing drive-by-downloads  Distribution of malicious sites not significantly skewed towards ‘gray content’ Data collection periodJan – Oct 2007 Total URLs checked in-depth66,534,330 Unique suspicious landing URLs3,385,889 Unique malicious landing URLs3,417,590 Unique malicious landing sites181,699 Unique distribution sites9,340

5  Most approaches to detecting drive-by- downloads focus only on the computer itself  A lot can be seen by considering the user’s input as well  User usually clicks a link or ‘Save Target As…’ before downloading an executable  We can clearly make use of this to help create a much stronger detection method

6  Taking this approach to detect drive-by- downloads, we will:  Check for user clicks and associate them with downloads recorded in file system data  If we cannot find user input to associate with a download, consider it suspicious  Ensure the user input is not faked by the attacker

7  Will be implemented on Windows  Popular; most drive-by-downloads on Windows  Has convenient tool for monitoring file system events ( FileMon or ProcMon )  Closed source; parts of API unavailable  We use the Firefox extension tlogger to handle user input  Write a program that takes the file system data from FileMon and user action data from tlogger and flags any ‘suspicious’ downloads

8  Authenticating the user input  Trusted Platform Module (TPM) can be used  Making input logger platform independent  Test on both real-world techniques and synthesized ones  Improve performance accuracy  Find a good tolerance for the time between user click and start of download

9

Download ppt "Alex Crowell, Rutgers University Computer Science and Mathematics Advisor: Prof. Danfeng Yao, Computer Science Department."

Similar presentations

Web 2.0 Programming 1 © Tongji University, Computer Science and Technology. Web Web Programming Technology 2012.

Web 2.0 Programming 1 © Tongji University, Computer Science and Technology. Web Web Programming Technology 2012.
Cindy Royal Associate Professor Texas State University facebook.com/cindyroyal linkedin.com/in/cindyroyal Curating Stories with.

Cindy Royal Associate Professor Texas State University facebook.com/cindyroyal linkedin.com/in/cindyroyal Curating Stories with.
Internet Jeopardy 1 Basic Computer Study Guide By Leigh Lewis 12/14/07.

Internet Jeopardy 1 Basic Computer Study Guide By Leigh Lewis 12/14/07.
First, some basic info. What is iTunes U? What is a podcast?

First, some basic info. What is iTunes U? What is a podcast?
Viruses & Spyware A Module of the CYC Course – Computer Security 8-28-10.

Viruses & Spyware A Module of the CYC Course – Computer Security
1 How To Use a Browser A Module of the CYC Course – Computer Basics 8-28-10.

1 How To Use a Browser A Module of the CYC Course – Computer Basics
The Internet and the Web

The Internet and the Web
WORDPRESS. SEO AKA – “Search Engine Optimization” Technique to make sure large search engines like Google, Yahoo, and Bing find your site and let others.

WORDPRESS. SEO AKA – “Search Engine Optimization” Technique to make sure large search engines like Google, Yahoo, and Bing find your site and let others.
BLADE: An Attack-Agnostic Approach for Preventing Drive-By Malware Infections, L. Lu et al. BLADE: An Attack-Agnostic Approach for Preventing Drive-By.

BLADE: An Attack-Agnostic Approach for Preventing Drive-By Malware Infections, L. Lu et al. BLADE: An Attack-Agnostic Approach for Preventing Drive-By.
Revealing the Secrets: Source Code Disclosure, Techniques, and Impacts.

Revealing the Secrets: Source Code Disclosure, Techniques, and Impacts.
Browser Comparisons Internet Explorer 8 & 9, Chrome 11 and Firefox 4 Security, Privacy, Add-ons & Convenience.

Browser Comparisons Internet Explorer 8 & 9, Chrome 11 and Firefox 4 Security, Privacy, Add-ons & Convenience.
Google Docs is a free, web-based office suite offered by Google within its Google Drive service. It was formerly a storage service as well, but has since.

Google Docs is a free, web-based office suite offered by Google within its Google Drive service. It was formerly a storage service as well, but has since.
1 Topic 1 – Lesson 3 Network Attacks Summary. 2 Questions ► Compare passive attacks and active attacks ► How do packet sniffers work? How to mitigate?

1 Topic 1 – Lesson 3 Network Attacks Summary. 2 Questions ► Compare passive attacks and active attacks ► How do packet sniffers work? How to mitigate?
IDENTITY THEFT ARE YOU SAFE?. HOW DOES THIS HAPPEN TO ME? Internet “Security “ When using a public computer, never access any vital accounts like banking.

IDENTITY THEFT ARE YOU SAFE?. HOW DOES THIS HAPPEN TO ME? Internet “Security “ When using a public computer, never access any vital accounts like banking.
Presentation Outline  Project Aims  Introduction of Digital Video Library  Introduction of Our Work  Considerations and Approach  Design and Implementation.

Presentation Outline  Project Aims  Introduction of Digital Video Library  Introduction of Our Work  Considerations and Approach  Design and Implementation.
Web Based Attacks SymantecDefense Fantastic Four Casey Ford Mike Lombardo Ragnar Olson Maninder Singh.

Web Based Attacks SymantecDefense Fantastic Four Casey Ford Mike Lombardo Ragnar Olson Maninder Singh.
Web Servers How do our requests for resources on the Internet get handled? Can they be located anywhere? Global?

Web Servers How do our requests for resources on the Internet get handled? Can they be located anywhere? Global?
Alex Crowell, Rutgers University Computer Science and Mathematics Advisor: Prof. Danfeng Yao, Computer Science Department.

Alex Crowell, Rutgers University Computer Science and Mathematics Advisor: Prof. Danfeng Yao, Computer Science Department.
“IT Solutions for Tourism Industry” CAPS Workshop Yerevan April 14, 2009.

“IT Solutions for Tourism Industry” CAPS Workshop Yerevan April 14, 2009.
Lecture 16 Page 1 CS 236 Online Cross-Site Scripting XSS Many sites allow users to upload information –Blogs, photo sharing, Facebook, etc. –Which gets.

Lecture 16 Page 1 CS 236 Online Cross-Site Scripting XSS Many sites allow users to upload information –Blogs, photo sharing, Facebook, etc. –Which gets.

Similar presentations

Ads by Google