CSR: Small: Non-Invasive Detection of Malicious Javascript at Web Browsers

Information

  • NSF Award
  • 1063745
Owner
  • Award Id
    1063745
  • Award Effective Date
    9/1/2010 - 14 years ago
  • Award Expiration Date
    5/31/2014 - 10 years ago
  • Award Amount
    $ 142,050.00
  • Award Instrument
    Continuing grant

CSR: Small: Non-Invasive Detection of Malicious Javascript at Web Browsers

Most websites use javascript to provide personalized content to the users. At the same time, more and more attackers are using the web to deliver their attacks, especially with malicious javascript. Malicious javascript detection needs to be fast enough so that it does not interfere with users' normal activities (non-invasive), and yet effective enough to protect them from the majority of attacks. Rule-based or signature-based detection mechanisms often fail to detect obfuscated and malicious javascript. Behavior-based detection mechanisms are more robust against obfuscation, and have been effective in identifying variants of known attacks. However, monitoring behavior during execution usually is rather invasive, as it requires too much time and resources to be used in web browsers while users are interacting with websites. <br/><br/>This project investigates non-invasive detection of malicious javascript using classifiers (data mining techniques) trained on malicious scripts, including obfuscated scripts. Preliminary results show that it is possible to detect the vast majority of malicious scripts without full-blown de-obfuscation, while labeling very few benign scripts as malicious. As the detection mechanism correctly identifies most benign scripts, resource-intensive detection mechanisms can use this method to filter most benign scripts and focus on the remainder only. <br/><br/>Key elements of the envisioned solutions are: (a) automatic collection of malicious javascript; (b) partial de-obfuscator that will extract features for classifiers; (c) classifiers that assess the maliciousness of scripts; (d) redirection graphs that chronicle the connections between websites hosting known malicious scripts; (e) feedback mechanism to assist javascript collection and classifier re-training.

  • Program Officer
    M. Mimi McClure
  • Min Amd Letter Date
    2/8/2011 - 13 years ago
  • Max Amd Letter Date
    1/3/2012 - 13 years ago
  • ARRA Amount

Institutions

  • Name
    University of San Francisco
  • City
    San Francisco
  • State
    CA
  • Country
    United States
  • Address
    Contracts and Grants
  • Postal Code
    941171080
  • Phone Number
    4154225203

Investigators

  • First Name
    Eunjin
  • Last Name
    Jung
  • Email Address
    ejung2@usfca.edu
  • Start Date
    2/8/2011 12:00:00 AM
  • First Name
    Peter
  • Last Name
    Likarish
  • Email Address
    plikarish@drew.edu
  • Start Date
    12/5/2011 12:00:00 AM

Program Element

  • Text
    COMPUTER SYSTEMS
  • Code
    7354

Program Reference

  • Text
    SMALL PROJECT
  • Code
    7923
  • Text
    WOMEN, MINORITY, DISABLED, NEC
  • Code
    9102