Mitigating Drive-By Download Attacks: Challenges and Open Problems

被引:14
作者
Egele, Manuel [1 ]
Kirda, Engin [2 ]
Kruegel, Christopher [3 ]
机构
[1] Vienna Univ Technol, Secure Syst Lab, Vienna, Austria
[2] Inst Eurecom, Biot, France
[3] Univ Calif Santa Barbara, Santa Barbara, CA USA
来源
INETSEC 2009 - OPEN RESEARCH PROBLEMS IN NETWORK SECURITY | 2009年 / 309卷
基金
奥地利科学基金会;
关键词
Drive-by download attacks; browser security; malware;
D O I
10.1007/978-3-642-05437-2_5
中图分类号
TP [自动化技术、计算机技术];
学科分类号
0812 ;
摘要
Malicious web sites perform drive-by download attacks to infect their visitors with malware. Current protection approaches rely on black- or white-listing techniques that are difficult to keep up-to-date. As todays drive-by attacks already employ encryption to evade network level detection we propose a series of techniques that can be implemented in web browsers to protect the user from such threats. In addition, we discuss challenges and open problems that these mechanisms face in order to be effective and efficient.
引用
收藏
页码:52 / +
页数:3
相关论文
共 28 条
[1]  
[Anonymous], 2006, SUPERBUDDY ACTIVEX C
[2]  
[Anonymous], 2006, NDSS
[3]  
[Anonymous], 2008, MICROSOFT OFFICE SNA
[4]  
[Anonymous], USENIX SEC S
[5]  
[Anonymous], FLASH PLAYER UPDATE
[6]  
[Anonymous], 2007, BUFFER OVERFLOW APPL
[7]  
Barwinslci M., 2006, EMPIRICAL STUDY DRIV
[8]  
Daniel M., 2008, 2 USENIX WORKSH OFF
[9]  
Egele M., 2009, DET INTR MA IN PRESS
[10]  
Egele M, 2007, USENIX ASSOCIATION PROCEEDINGS OF THE 2007 USENIX ANNUAL TECHNICAL CONFERENCE, P233
123