Intelligent Detection of Malicious Script Code CS194, 2007-08 Benson Luk Eyal Reuveni Kamron Farrokh Advisor: Adnan Darwiche.

1 Intelligent Detection of Malicious Script Code
CS194, 2007-08
Benson Luk, Eyal Reuveni, Kamron Farrokh
Advisor: Adnan Darwiche

2 Goals for the Quarter

Phase I
- Set up machine for testing environment
- Ensure that "whitelist" is clean

Phase II
- Modify crawler to output only necessary data. This means:
  - Grab only necessary information from webcrawling results
  - Listen in on Internet Explorer's Javascript interpreter and output relevant behavior

3 Completed Tasks

Phase I
- Configured machine with Norton Antivirus and Heritrix web crawler
  - The web crawler will be used to grab additional URLs, and Norton Antivirus will be used to verify that a URL has not launched an attack
- Created a Python script to ensure that visited sites are clean
  - Captures Norton's web attack logs before and after loading a site in Internet Explorer, then compares the logs for new entries and signals whether or not a site's data should be discarded

Phase II
- Configured Heritrix to run specific crawls that target a set of domains, and output minimal information
  - The purpose is to gather as many URLs with scripts as possible for a large sample base
- Created a parser for Heritrix logs to filter out irrelevant websites
  - For example, we are omitting URLs that point to images since they will not contain scripts
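The Heritrix log filter described under Phase II, written out as an added example (this is not the project's parser). It assumes the whitespace-separated crawl.log layout of Heritrix 1.x (timestamp, status, size, URI, discovery path, referrer, MIME type, thread, fetch timestamp, digest, source tag, annotations) and goes one step beyond the slide: besides dropping image URLs it uses the recorded Content-Type rather than the URL extension as the primary test, since a server may serve HTML or script from a URL whose extension suggests otherwise. The sample log lines are constructed, not from a real crawl.

```python
"""Filter a Heritrix crawl.log down to fetched URLs that can carry script.

Added example in the spirit of the project's log parser; it is not the
project's own code. It assumes the whitespace-separated crawl.log layout
of Heritrix 1.x (timestamp, status, size, URI, discovery path, referrer,
MIME type, thread, fetch timestamp, digest, source tag, annotations).
"""
import re
from typing import Iterable, List, NamedTuple, Optional


class CrawlEntry(NamedTuple):
    status: int   # HTTP status, or a negative Heritrix code for fetch failures
    url: str
    mime: str     # Content-Type as recorded by the crawler, parameters stripped


# Types that are (or embed) script: HTML documents and external JS files.
SCRIPT_MIME = {
    "text/html", "application/xhtml+xml",
    "text/javascript", "application/javascript", "application/x-javascript",
}
# Fallback for generic or unknown types: judge by the URL's extension.
SCRIPT_EXT = re.compile(r"\.(js|html?)(\?.*)?$", re.IGNORECASE)


def parse_line(line: str) -> Optional[CrawlEntry]:
    """Parse one crawl.log line; return None for blank or malformed lines."""
    parts = line.split()
    if len(parts) < 7:
        return None
    try:
        status = int(parts[1])
    except ValueError:
        return None
    mime = parts[6].split(";")[0].strip().lower()
    return CrawlEntry(status, parts[3], mime)


def may_contain_script(e: CrawlEntry) -> bool:
    """True if the entry is worth keeping for script analysis."""
    if e.status != 200:
        # Failed fetches, redirects and DNS/robots records carry no body to analyze.
        return False
    if e.mime.startswith("image/"):
        return False
    if e.mime in SCRIPT_MIME:
        # The recorded Content-Type outranks the extension: a URL ending in
        # .png that the server labelled text/html is kept, not dropped.
        return True
    return bool(SCRIPT_EXT.search(e.url))


def filter_log(lines: Iterable[str]) -> List[str]:
    """URLs from the crawl log that should go on to script analysis."""
    kept = []
    for line in lines:
        entry = parse_line(line)
        if entry is not None and may_contain_script(entry):
            kept.append(entry.url)
    return kept


# Constructed sample crawl.log lines (not a real crawl) covering the cases above.
SAMPLE_LOG = """\
2008-02-15T20:15:03.123Z   200       5120 http://www.example.com/ - - text/html #001 20080215201503045+78 sha1:AAAA - -
2008-02-15T20:15:04.001Z   200       2048 http://www.example.com/js/menu.js LE http://www.example.com/ application/x-javascript #002 20080215201503998+12 sha1:BBBB - -
2008-02-15T20:15:04.500Z   200      30400 http://www.example.com/logo.gif LE http://www.example.com/ image/gif #003 20080215201504400+90 sha1:CCCC - -
2008-02-15T20:15:05.000Z   404        512 http://www.example.com/missing.html L http://www.example.com/ text/html #001 20080215201504950+40 sha1:DDDD - -
2008-02-15T20:15:05.200Z    -1          0 dns:www.example.com P http://www.example.com/ no-type #004 20080215201505100+5 - - -
2008-02-15T20:15:05.700Z   200      12000 http://www.example.com/photo.jpg?size=large LE http://www.example.com/ image/jpeg #002 20080215201505600+95 sha1:EEEE - -
2008-02-15T20:15:06.100Z   200       9000 http://www.example.com/download/lib.js LE http://www.example.com/ application/octet-stream #003 20080215201506000+88 sha1:FFFF - -
"""

if __name__ == "__main__":
    for url in filter_log(SAMPLE_LOG.splitlines()):
        print(url)
```

On the sample above only the root page, menu.js and lib.js survive: the GIF and JPEG are dropped by type, the 404 and the DNS record have no fetched body, and lib.js is kept by extension because its generic octet-stream type says nothing either way.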

4 Pending Tasks and Difficulties

Phase I
- Ensure whitelist is clean
  - This can be a time-consuming task given the massive size of the list; we are going to start with a small subset of the list for now
  - With our scripts we can also check for cleanliness as we load URLs
- Acquire a larger hard drive for the computer, so as to be able to store the data from the crawls
  - We have been unable to run a large crawl on the machine due to low hard drive space

Phase II
- Figure out how to "listen in" on the Javascript interpreter in Internet Explorer and output relevant information about the scripts currently running
  - This requires intimate knowledge of Internet Explorer and will likely consume too much time to develop from the ground up
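The cleanliness check that the Phase I bullet refers to (and that slide 3 describes: snapshot the antivirus web-attack log, load the site, snapshot again, report new entries) as an added example, not the project's own script. Norton's log format does not appear on the page, so the log entries below are constructed with one event per line; the comparison itself does not depend on the format.

```python
"""Before/after comparison of an antivirus web-attack log to decide whether a
just-loaded URL should be dropped from the clean set.

Added example modelled on the check described on the slides; it is not the
project's script. Norton's log format is not on the page, so the entries
below are constructed, one event per line.
"""
from collections import Counter
from pathlib import Path
from typing import List, Tuple


def read_log(path) -> List[str]:
    """Snapshot the log file; a missing file (no attack recorded yet) is an empty log."""
    p = Path(path)
    if not p.exists():
        return []
    return p.read_text(encoding="utf-8", errors="replace").splitlines()


def new_entries(before: List[str], after: List[str]) -> List[str]:
    """Lines present in `after` that `before` does not account for.

    A multiset difference is used on purpose: if the same signature fires
    twice with identical text, the second line is still reported, which a
    plain set difference would silently swallow. If the log was rotated
    between the two snapshots, everything in `after` looks new, which errs
    on the side of discarding the site.
    """
    budget = Counter(line.strip() for line in before if line.strip())
    fresh = []
    for raw in after:
        line = raw.strip()
        if not line:
            continue
        if budget[line] > 0:
            budget[line] -= 1     # already present before the page load
        else:
            fresh.append(line)
    return fresh


def should_discard(url: str, before: List[str], after: List[str]) -> Tuple[bool, List[str]]:
    """Decide whether the data gathered for `url` must be discarded.

    Any new entry between the two snapshots is treated as an attack
    launched by the page, so the site fails the cleanliness check.
    Caveat: this only catches what the antivirus recognises; a page that
    evades its signatures still passes and enters the whitelist.
    """
    hits = new_entries(before, after)
    return (len(hits) > 0, hits)


# Constructed log snapshots (not real Norton output).
BEFORE = [
    "2008-02-15 20:14:01 Web Attack: Blocked http://bad.example/old.js [Sig 1001]",
    "2008-02-15 20:14:30 Web Attack: Blocked http://bad.example/old.js [Sig 1001]",
]
AFTER_CLEAN = list(BEFORE)
AFTER_ATTACK = BEFORE + [
    "2008-02-15 20:15:10 Web Attack: Blocked http://evil.example/drive.js [Sig 2002]",
    "2008-02-15 20:15:11 Web Attack: Blocked http://evil.example/drive.js [Sig 2002]",
]

if __name__ == "__main__":
    for name, after in (("good.example", AFTER_CLEAN), ("evil.example", AFTER_ATTACK)):
        discard, hits = should_discard("http://%s/" % name, BEFORE, after)
        print(name, "discard" if discard else "keep", hits)
```

In the real loop the two `read_log` calls bracket the Internet Explorer launch, and the script has to wait long enough after the launch for the page (and any scripts it pulls in) to finish loading and for the antivirus to flush its log before taking the second snapshot; a snapshot taken too early passes an attacking site as clean.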

5 Direction for Next Quarter
- Obtain resources and/or software from Symantec for listening in on the Javascript interpreter
- Install a larger hard drive, ~750 GB
- Design and create a database to store information about the scripts
- Research and design an intelligent learning algorithm to read in and analyze the data
