Sciweavers

ACSAC
2010
IEEE

Cujo: efficient detection and prevention of drive-by-download attacks

13 years 10 months ago
Cujo: efficient detection and prevention of drive-by-download attacks
The JavaScript language is a core component of active and dynamic web content in the Internet today. Besides its great success in enhancing web applications, however, JavaScript provides the basis for so-called drive-by downloads--attacks exploiting vulnerabilities in web browsers and their extensions for unnoticeably downloading malicious software. Due to the diversity and frequent use of obfuscation in these attacks, static code analysis is largely ineffective in practice. While dynamic analysis and honeypots provide means to identify drive-by-download attacks, current approaches induce a significant overhead which renders immediate prevention of attacks intractable. In this paper, we present Cujo, a system for automatic detection and prevention of drive-by-download attacks. Embedded in a web proxy, Cujo transparently inspects web pages and blocks delivery of malicious JavaScript code. Static and dynamic code features are extracted on-the-fly and analysed for malicious patterns usin...
Konrad Rieck, Tammo Krueger, Andreas Dewald
Added 10 Feb 2011
Updated 10 Feb 2011
Type Journal
Year 2010
Where ACSAC
Authors Konrad Rieck, Tammo Krueger, Andreas Dewald
Comments (0)