Defending Browsers against Drive-by Downloads: Mitigating Heap-Spraying Code Injection Attacks

No abstract is available for this paper.

• Publication year

  2009

• Venue

  International Conference on Detection of intrusions and malware, and vulnerability assessment

• Publication date

  2009-06-29

• Fields of study

  Computer Science

• Identifiers
  DOI 10.1007/978-3-642-02918-9_6
• External record

  Open on Semantic Scholar

• Source metadata

  Semantic Scholar

• No claims are published for this paper.

• No concepts are published for this paper.

• Spamalytics: an empirical analysis of spam marketing conversion

  2009cited by this paper
• All Your iFRAMEs Point to Us

  2008cited by this paper
• Engineering Heap Overflow Exploits with JavaScript

  2008cited by this paper
• Ghost Turns Zombie: Exploring the Life Cycle of Web-based Malware

  2008cited by this paper
• Caffeine Monkey: Automated Collection, Detection and Analysis of Malicious JavaScript

  2007cited by this paper
• Panorama: capturing system-wide information flow for malware detection and analysis

  2007cited by this paper
• Dynamic Spyware Analysis

  2007cited by this paper
• Cross Site Scripting Prevention with Dynamic Data Tainting and Static Analysis

  2007cited by this paper
• Vulnerability Detection in ActiveX Controls through Automated Fuzz Testing

  2007cited by this paper
• The Ghost in the Browser: Analysis of Web-based Malware

  2007cited by this paper
• A Taxonomy of Botnet Structures

  2007cited by this paper
• Emulation-Based Detection of Non-self-contained Polymorphic Shellcode

  2007cited by this paper
• Toward Automated Dynamic Malware Analysis Using CWSandbox

  2007cited by this paper
• Behavior-based Spyware Detection

  2006cited by this paper
• Detection of Intrusions and Malware & Vulnerability Assessment, Third International Conference, DIMVA 2006, Berlin, Germany, July 13-14, 2006, Proceedings

  2006cited by this paper
• Network-level polymorphic shellcode detection using emulation

  2006cited by this paper
• Detecting malicious JavaScript code in Mozilla

  2005cited by this paper
• A Virtual Machine Introspection Based Architecture for Intrusion Detection

  2003cited by this paper
• Accurate Buffer Overflow Detection via Abstract Payload Execution

  2002cited by this paper
• Snort - Lightweight Intrusion Detection for Networks

  1999cited by this paper
• Bro: a system for detecting network intruders in real-time

  1998influential reference
• Cooperative Association for Internet Data Analysis Caida Activities

  year unknowncited by this paper

• JITBULL: Securing JavaScript Runtime with a Go/No-Go Policy for JIT Engine

  2024cites this paper
• Tail Call Optimization Tailored for Native Stack Utilization in JavaScript Runtimes

  2024cites this paper
• A URL-Based Social Semantic Attacks Detection With Character-Aware Language Model

  2023cites this paper
• Binary Exploitation in Industrial Control Systems: Past, Present and Future

  2022cites this paper
• Glyph: Efficient ML-Based Detection of Heap Spraying Attacks

  2021cites this paper
• Malicious JavaScript Detection Based on Bidirectional LSTM Model

  2020cites this paper
• Computational Resource Abuse in Web Applications

  2020influential citation
• Detecting Exploit Websites Using Browser-based Predictive Analytics

  2019cites this paper
• Detection and Analysis of Drive-by Downloads and Malicious Websites

  2019cites this paper
• Making IoT Worthy of Human Trust

  2019cites this paper
• JSAC: A Novel Framework to Detect Malicious JavaScript via CNNs over AST and CFG

  2019cites this paper
• A systematic analysis and hardening of the Java security architecture

  2019cites this paper
• THE EFFECTS OF SECURITY PROTOCOLS ON CYBERCRIME AT AHMADU BELLO UNIVERSITY, ZARIA, NIGERIA

  2018cites this paper
• Race to the bottom: embedded control systems binary security : an industrial control system protection approach

  2018cites this paper
• Detection and analysis of web-based malware and vulnerability

  2018cites this paper
• RAPID: Resource and API-Based Detection Against In-Browser Miners

  2018cites this paper
• Understanding and detecting newly emerging attack vectors in cybercrimes

  2018cites this paper
• BrowserGuard2: A Solution for Drive-by-Download Attacks

  2018cites this paper
• Size Previous size Segment Index Flags Unused Tag Index Flink

  2017cites this paper
• Fatal injection: a survey of modern code injection attack countermeasures

  2017cites this paper
• Web Browser Security: Different Attacks Detection and Prevention Techniques

  2017cites this paper
• Inhibiting Browser Fingerprinting and Tracking

  2017cites this paper
• PDF Forensic Analysis System using YARA

  2017cites this paper
• Secure interfaces for a person-to-person service exploitation Infrastructure

  2017cites this paper
• Utilising the concept of human-as-a-security-sensor for detecting semantic social engineering attacks

  2017cites this paper
• A behavioural study in runtime analysis environments and drive-by download attacks

  2017cites this paper
• Securing software systems by preventing information leaks

  2017cites this paper
• Kizzle: A Signature Compiler for Exploit Kits

  2017cites this paper
• Unleashing Use-Before-Initialization Vulnerabilities in the Linux Kernel Using Targeted Stack Spraying

  2017cites this paper
• Automatic model learning and its applications in malware detection

  2017cites this paper
• Jurisdictional arbitrage: quantifying and counteracting the threat of government intelligence agencies against Tor.

  2017cites this paper
• Modular Synthesis of Heap Exploits

  2017cites this paper
• An Empirical Study of HTTP-based Financial Botnets

  2016cites this paper
• Threat Detection in Program Execution and Data Movement: Theory and Practice

  2016cites this paper
• A Brief Survey of Detection and Mitigation Techniques for Clickjacking and Drive-by Download Attacks

  2016cites this paper
• ICIMP 2016 Proceedings

  2016cites this paper
• MalJs: Lexical, Structural and Behavioral Analysis of Malicious JavaScripts Using Ensemble Classifier

  2016cites this paper
• Building Privacy-Preserving Cryptographic Credentials from Federated Online Identities

  2016cites this paper
• Micro-Virtualization Memory Tracing to Detect and Prevent Spraying Attacks

  2016cites this paper
• Drive-by-Download Malware Detection in Hosts by Analyzing System Resource Utilization Using One Class Support Vector Machines

  2016cites this paper
• Secure Short URL Generation Method that Recognizes Risk of Target URL

  2016cites this paper
• Shellix: An Efficient Approach for Shellcode Detection

  2016cites this paper
• You Are Probably Not the Weakest Link: Towards Practical Prediction of Susceptibility to Semantic Social Engineering Attacks

  2016cites this paper
• Kizzle: A Signature Compiler for Detecting Exploit Kits

  2016cites this paper
• Code-Stop: Code-Reuse Prevention By Context-Aware Traffic Proxying

  2016cites this paper
• VILEEAR : Detection of Drive by Download attack on Malicious Web Pages

  2015cites this paper
• Enhanced Analysis Method for Suspicious PDF Files

  2015cites this paper
• Detection and classification of malicious JavaScript via attack behavior modelling

  2015influential citation
• Accurate shellcode recognition from network traffic data using artificial neural nets

  2015cites this paper
• JSDC: A Hybrid Approach for JavaScript Malware Detection and Classification

  2015cites this paper
• Static code analysis and detection of multiple malicious Java applets using SVM

  2015cites this paper
• Empirical Measurement of Defense in Depth

  2015cites this paper
• EKHunter: A Counter-Offensive Toolkit for Exploit Kit Infiltration

  2015cites this paper
• JSOD: JavaScript obfuscation detector

  2015cites this paper
• Identifying Memory Address Disclosures

  2015cites this paper
• Using Hardware Isolated Execution Environments for Securing Systems

  2015cites this paper
• WYSISNWIV: What You Scan Is Not What I Visit

  2015cites this paper
• A Taxonomy of Attacks and a Survey of Defence Mechanisms for Semantic Social Engineering Attacks

  2015cites this paper
• Safe Internet Browsing Using a Transparent Virtual Browser

  2015cites this paper
• Network Intrusion Detection Systems in Data Centers

  2015cites this paper
• STROP: Static Approach for Detection of Return-Oriented Programming Attack in Network

  2015cites this paper
• Real time detection of malicious webpages using machine learning techniques

  2015cites this paper
• Kizzle : A Signature Compiler for Exploit Kits MSR-TR-2015-12

  2015cites this paper
• Assessing Real-Time Malware Threats

  2015cites this paper
• Isolating and Restricting Client-Side JavaScript

  2015cites this paper
• Anomaly Detection Through System and Program Behavior Modeling

  2014cites this paper
• Identifying Code Injection and Reuse Payloads In Memory Error Exploits

  2014cites this paper
• Co-editors-in-chief Editorial Board Members on Visual Assessment of Software Quality Generating Graphical User Interfaces from Precise Domain Specifications on Visual Assessment of Software Quality

  2014cites this paper
• On Emulation-Based Network Intrusion Detection Systems

  2014cites this paper
• Deliverable D7.4: Final Report on Cyberattacks

  2014cites this paper
• A European Network of Excellence in Managing Threats and Vulnerabilities in the Future Internet: Europe for the World y

  2014cites this paper
• APTs way: evading Your EBNIDS

  2014cites this paper
• Dynamic Analysis of Web Objects

  2014cites this paper
• Efficient and effective realtime prediction of drive-by download attacks

  2014cites this paper
• YALIH, Yet Another Low Interaction Honeyclient

  2014cites this paper
• Lobotomy: An Architecture for JIT Spraying Mitigation

  2014cites this paper
• On the effectiveness of risk prediction based on users browsing behavior

  2014cites this paper
• Measuring Drive-by Download Defense in Depth

  2014cites this paper
• Towards A Write ⊕ Execute Architecture For JIT Interpreters

  2014cites this paper
• Evaluation with uncertainty

  2014cites this paper
• A Realtime Malware Detection Technique Using Multiple Filter

  2014cites this paper
• SeCom: A Novel Approach for MalwareConfiscation in OS level Virtual Machines

  2014cites this paper
• Challenges in developing Capture-HPC exclusion lists

  2014cites this paper
• A survey on real world botnets and detection mechanisms

  2014cites this paper
• UAC: A Lightweight and Scalable Approach to Detect Malicious Web Pages

  2014cites this paper
• Detection of shellcodes in drive-by attacks using kernel machines

  2014cites this paper
• Growing Grapes in Your Computer to Defend Against Malware

  2014cites this paper
• Yet Another Low Interaction Honeyclient

  2014cites this paper
• Detection of Heap-Spraying Attacks Using String Trace Graph

  2014cites this paper
• SafeBrowsingCloud: Detecting Drive-by-Downloads Attack Using Cloud Computing Environment

  2014cites this paper
• Malicious JavaScript Detection by Features Extraction

  2014cites this paper
• JShield: towards real-time and vulnerability-based detection of polluted drive-by download attacks

  2014cites this paper
• Detecting Malicious Javascript in PDF through Document Instrumentation

  2014cites this paper
• Reinforcing the weakest link in cyber security: securing systems and software against attacks targeting unwary users

  2013cites this paper
• Detecting machine-morphed malware variants via engine attribution

  2013cites this paper
• HeapSentry: Kernel-Assisted Protection against Heap Overflows

  2013cites this paper
• De-obfuscation and Detection of Malicious PDF Files with High Accuracy

  2013cites this paper
• Anatomy of Drive-by Download Attack

  2013influential citation
• JStill: mostly static detection of obfuscated malicious JavaScript code

  2013cites this paper
• FCScan: A New Lightweight and Effective Approach for Detecting Malicious Content in Electronic Documents

  2013cites this paper