Detecting Browser-Based Probing Attacks via Behavior Analysis
Download: Paper (PDF)
Date: 27 Jul 2015
Document Type: Briefing Papers
Associated Event: NDSS Symposium 2015
Abstract:
We develop a solution to automatically detect probing behaviors in malicious websites. We intercept essential API calls, which are among the interfaces between major browser components, such as the document object model (DOM) and the JavaScript engine. As an example, the behaviors we monitor include DOM modification and system resource access. We then analyze the behaviors intercepted, and detect the abnormal behaviors demonstrated by the malicious websites.