Annual Computer Security Applications Conference (ACSAC) 2012


Jarhead: Analysis and Detection of Malicious Java Applets

Java applets have increasingly been used as a vector to deliver drive-by download attacks that bypass the sandboxing mechanisms of the browser's Java Virtual Machine and compromise the user's environment. Unfortunately, the research community has not given this problem the attention it deserves, and, as a consequence, the state-of-the-art approaches to the detection of malicious Java applets are based either on simple signatures or on the use of honeyclients, which are both easily evaded. Therefore, we propose a novel approach to the detection of malicious Java applets based on static code analysis. Our approach extracts a number of features from Java applets, and then uses supervised machine learning to produce a classifier. We implemented our approach in a tool, called Jarhead, and we tested its effectiveness on a large, real-world dataset. The results of the evaluation show that, given a sufficiently large training dataset, this approach is able to reliably detect both known and previously unseen real-world malicious applets.

Author(s):

Johannes Schlumberger    
UC Santa Barbara
United States

Christopher Kruegel    
UC Santa Barbara
United States

Giovanni Vigna    
UC Santa Barbara
United States

 
