Sciweavers

WWW
2011
ACM

Prophiler: a fast filter for the large-scale detection of malicious web pages

13 years 7 months ago
Prophiler: a fast filter for the large-scale detection of malicious web pages
Malicious web pages that host drive-by-download exploits have become a popular means for compromising hosts on the Internet and, subsequently, for creating large-scale botnets. In a drive-bydownload exploit, an attacker embeds a malicious script (typically written in JavaScript) into a web page. When a victim visits this page, the script is executed and attempts to compromise the browser or one of its plugins. To detect drive-by-download exploits, researchers have developed a number of systems that analyze web pages for the presence of malicious code. Most of these systems use dynamic analysis. That is, they run the scripts associated with a web page either directly in a real browser (running in a virtualized environment) or in an emulated browser, and they monitor the scripts’ executions for malicious activity. While the tools are quite precise, the analysis process is costly, often requiring in the order of tens of seconds for a single page. Therefore, performing this analysis on ...
Davide Canali, Marco Cova, Giovanni Vigna, Christo
Added 15 May 2011
Updated 15 May 2011
Type Journal
Year 2011
Where WWW
Authors Davide Canali, Marco Cova, Giovanni Vigna, Christopher Kruegel
Comments (0)