Using Static Program Analysis to Aid Intrusion Detection

Egele, Manuel; Szydlowski, Martin; Kirda, Engin; Kruegel, Christopher

doi:10.1007/11790754_2

Cited by 19 publications

(10 citation statements)

References 19 publications

(21 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…based on call graphs, to better analyze the malware. The graphs help to understand possible values of various parameters, which can help to develop defense mechanism against specific malware attacks [32]. However, some parts of the program cannot be analyzed statically, e.g.…”

Section: Static Analysismentioning

confidence: 99%

An Open Source, Extensible Malware Analysis Platform

Michalopoulos¹,

Ieronymakis²,

Khan³

et al. 2018

MATEC Web Conf.

View full text Add to dashboard Cite

Abstract.A malware (such as viruses, ransomware) is the main source of bringing serious security threats to the IT systems and their users now-adays. In order to protect the systems and their legitimate users from these threats, anti-malware applications are developed as a defense against malware. However, most of these applications detect malware based on signatures or heuristics that are still created manually and are error prune. Some recent applications employ data mining and machine learning techniques to detect malware automatically. However, such applications fail to classify them appropriately mainly because they suffer from high rate of false alarms on the one hand and being retrospective, fail to detect new unknown threats and variants of known malware on the other hand. Since anti-malware vendors receive a huge number of malware samples every day, there is an urgent need for malware analysis tools that can automatically detect malware rigorously, i.e. eliminating false alarms. To address these issues and challenges of current malware detection and analysis approaches, we propose a novel, open source and extensible platform (based on set of tools) that allows to combine various malware detection techniques to automatically detect/classify a malware more rigorously. The developed platform can be fed with malware samples from different providers and will enable the development of effective classification schemes and methods, which are not sufficiently effective without collaboration and the related sample aggregation. Furthermore, such collaborative platforms in cybersecurity enable efficient sharing of information (e.g., about new identified threats) to all collaborators and sharing of appropriate defences against them, if such defences exist.

show abstract

Section: Static Analysismentioning

confidence: 99%

An Open Source, Extensible Malware Analysis Platform

Michalopoulos¹,

Ieronymakis²,

Khan³

et al. 2018

MATEC Web Conf.

View full text Add to dashboard Cite

show abstract

“…Detecting SQL injection vulnerabilities by statically analyzing a web application's source code is performed by Xie et al in [39]. Egele et al [13] infer the data types and possible value sets of input parameters to web applications by applying static analysis. This information can be leveraged to fine-tune application level firewalls and help protect web applications from injection attacks.…”

Section: Related Workmentioning

confidence: 99%

A solution for the automated detection of clickjacking attacks

Balduzzi

Egele

Kirda

et al. 2010

Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security

Self Cite

View full text Add to dashboard Cite

Clickjacking is a web-based attack that has recently received a wide media coverage. In a clickjacking attack, a malicious page is constructed such that it tricks victims into clicking on an element of a different page that is only barely (or not at all) visible. By stealing the victim's clicks, an attacker could force the user to perform an unintended action that is advantageous for the attacker (e.g., initiate an online money transaction). Although clickjacking has been the subject of many discussions and alarming reports, it is currently unclear to what extent clickjacking is being used by attackers in the wild, and how significant the attack is for the security of Internet users.In this paper, we propose a novel solution for the automated and efficient detection of clickjacking attacks. We describe the system that we designed, implemented and deployed to analyze over a million unique web pages. The experiments show that our approach is feasible in practice. Also, the empirical study that we conducted on a large number of popular websites suggests that clickjacking has not yet been largely adopted by attackers on the Internet.

show abstract

“…Static analyses have been applied to detect vulnerabilities in server-side web applications [1,6,19,22,34]. These complement our client-centric approach.…”

Section: Related Workmentioning

confidence: 99%

Using static analysis for Ajax intrusion detection

Guha

Krishnamurthi

Jim

2009

Proceedings of the 18th International Conference on World Wide Web

117

View full text Add to dashboard Cite

We present a static control-flow analysis for JavaScript programs running in a web browser. Our analysis tackles numerous challenges posed by modern web applications including asynchronous communication, frameworks, and dynamic code generation. We use our analysis to extract a model of expected client behavior as seen from the server, and build an intrusion-prevention proxy for the server: the proxy intercepts client requests and disables those that do not meet the expected behavior. We insert random asynchronous requests to foil mimicry attacks. Finally, we evaluate our technique against several real applications and show that it protects against an attack in a widely-used web application.

show abstract

Using Static Program Analysis to Aid Intrusion Detection

Cited by 19 publications

References 19 publications

An Open Source, Extensible Malware Analysis Platform

An Open Source, Extensible Malware Analysis Platform

A solution for the automated detection of clickjacking attacks

Using static analysis for Ajax intrusion detection

Contact Info

Product

Resources

About