Annual Computer Security Applications Conference (ACSAC) 2012


Jarhead: Analysis and Detection of Malicious Java Applets


Johannes Schlumberger
UC Santa Barbara
United States

Christopher Kruegel
UC Santa Barbara
United States

Giovanni Vigna
UC Santa Barbara
United States

Abstract:
Java applets have increasingly been used as a vector to deliver drive-by download attacks that bypass the sandboxing mechanisms of the browser's Java Virtual Machine and compromise the user's environment. Unfortunately, the research community has not given to this problem the attention it deserves, and, as a consequence, the state-of-the-art approaches to the detection of malicious Java applets are based either on simple signatures or on the use of honeyclients, which are both easily evaded. Therefore, we propose a novel approach to the detection of malicious Java applets based on static code analysis. Our approach extracts a number of features from Java applets, and then uses supervised machine learning to produce a classifier. We implemented our approach in a tool, called Jarhead, and we tested its effectiveness on a large, real-world dataset. The results of the evaluation show that, given a sufficiently large training dataset, this approach is able to reliably detect both known and previously-unseen real-world malicious applets.

 
