
ETD

Digital archive of theses defended at the University of Pisa

Thesis etd-11162014-150420


Thesis type
Master's thesis
Author
VECERE, GIACOMO
URN
etd-11162014-150420
Title
Browdom: Detecting malicious web pages directly within the browser
Department
INGEGNERIA DELL'INFORMAZIONE
Degree programme
COMPUTER ENGINEERING
Supervisors
supervisor Prof. Dini, Gianluca
supervisor Prof. Marcelloni, Francesco
Keywords
  • security
  • malware detection
  • malicious web page
  • chrome
Defence date
11/12/2014
Availability
Full
Abstract
Nowadays, most malware authors target web browsers and their plugins in order to steal personal information and gain control of the infected machine. They take advantage of the vulnerabilities present in the user's system and the lack of critical security updates (a recent study found that critical software security updates are missing on about 87% of all analysed computers [2]). The cybercriminals' vector of choice for delivering malware stealthily onto a user's machine is the drive-by download attack. Using this technique, the attacker is able to infect a computer without any user interaction by exploiting vulnerabilities in the browser or its plugins. Moreover, these attacks are often launched from legitimate sites that have been compromised.

In this thesis we present a novel approach to the detection of malicious URLs. We designed and implemented a malware detection system, called Browdom, that runs directly within the browser as an extension of the Google Chrome browser. The tool detects the malicious behavior of a web page by tracking the page's actions and recognizing most malicious behaviors. Browdom creates a log composed of many different traces, each associated with an event that happens during the loading and execution of the page and that can be related to malicious behavior. The features extracted from the log derive from the HTML and JavaScript code, the host information and the URL of the web page. A classification model is derived from this information using machine-learning techniques applied to labeled datasets.

Since Browdom executes inside a popular browser, it can be effective in protecting users right on their own machines. As a consequence, all the sophisticated techniques for detecting virtualized analysis environments, which malware authors have perfected over the years, are ineffective against Browdom.

We performed experiments to demonstrate the effectiveness of Browdom, and we analysed and discussed its performance in terms of overhead, accuracy and throughput.
File