
Alex Crowell, Rutgers University Computer Science and Mathematics Advisor: Prof. Danfeng Yao, Computer Science Department.


1 Alex Crowell, Rutgers University Computer Science and Mathematics
Advisor: Prof. Danfeng Yao, Computer Science Department

2
- Drive-by download: visiting a URL causes malware to be installed on a computer
- Most approaches to detecting drive-by downloads focus only on server-side solutions or browser security
- We can use the user's input to validate each download when it occurs

3
- Implemented on Windows
- Popular; most drive-by downloads target Windows
- Has a convenient tool for monitoring file system events (Process Monitor)
- Closed source; parts of the API are unavailable
- We used the Firefox extension tlogger to handle user input
- Wrote a program that takes the file system data from ProcMon and the user action data from tlogger and flags any 'suspicious' downloads

4
- ProcMon doesn't save its data in real time
- minispy is a sample program supplied with the Windows Driver Kit that works just like ProcMon
- Some websites redirect through a chain of pages before reaching the download (e.g. download.com)
- In practice, there is a long lag time between a link click and file creation
- It may not be possible to track the user clicking the 'Save File' button

5 Architecture diagram (only the labels survive in the transcript): User, Kernel, DBD Analyzer, Web Browser, Input Monitor, File System Monitor, Operating System

6 Architecture diagram with the concrete components (labels only): User, Kernel, DBD Analyzer, Firefox, tlogger, Modified minispy, Windows

7
- Tracks, using ProcMon/minispy, the creation of files by Firefox
- When a file is created by Firefox, the analyzer searches the entries in the tlogger data file for a corresponding user input
- As long as the input occurred within a time limit of the file creation, it is a valid download
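The correlation step described on this slide, as an added example in Python. It is not the presentation's own program: it assumes constructed ProcMon/minispy-style file-creation records and tlogger-style click records in a simple comma-separated layout (the real ProcMon CSV and tlogger formats differ), a `firefox.exe` process filter, and a configurable time window. Because the lag between a click and file creation can be long (slide 4), the window is a parameter and the lag since the most recent click is reported even for downloads that are flagged, so the threshold can be tuned against false positives.

```python
"""Flag file creations by the browser that no recent user input explains.

Added example, not the presentation's own analyzer. Input formats below are
assumptions, loosely modelled on ProcMon (Time of Day, Process Name,
Operation, Path) and on a per-click tlogger record (time, event, target).
"""
from bisect import bisect_right
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

# Constructed sample of file-system events (assumed layout, not real ProcMon CSV).
FS_EVENTS = r"""
12:00:01.120,firefox.exe,CreateFile,C:\Users\alex\Downloads\report.pdf
12:00:09.500,firefox.exe,CreateFile,C:\Users\alex\Downloads\setup.exe
12:01:30.000,firefox.exe,CreateFile,C:\Users\alex\AppData\Local\Temp\upd8.exe
12:01:31.000,explorer.exe,CreateFile,C:\Users\alex\Desktop\notes.txt
"""

# Constructed sample of user-input events (assumed tlogger-like layout).
INPUT_EVENTS = """
11:59:58.000,click,http://example.org/report.pdf
12:00:03.000,click,http://example.org/download?id=42
"""


@dataclass
class FileEvent:
    time: datetime
    process: str
    operation: str
    path: str


@dataclass
class InputEvent:
    time: datetime
    kind: str
    target: str


@dataclass
class Verdict:
    path: str
    suspicious: bool
    lag_seconds: Optional[float]   # seconds since the most recent prior click, None if none
    matched_target: Optional[str]  # URL of that click, None if none


def _parse_time(text: str) -> datetime:
    # Time of day only; all sample records fall on the same day.
    return datetime.strptime(text, "%H:%M:%S.%f")


def parse_fs_events(text: str) -> List[FileEvent]:
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        t, proc, op, path = line.split(",", 3)
        events.append(FileEvent(_parse_time(t), proc, op, path))
    return events


def parse_input_events(text: str) -> List[InputEvent]:
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        t, kind, target = line.split(",", 2)
        events.append(InputEvent(_parse_time(t), kind, target))
    return events


def flag_downloads(fs_text: str, input_text: str,
                   window_seconds: float = 15.0,
                   process: str = "firefox.exe") -> List[Verdict]:
    """For each file created by `process`, find the latest user input at or
    before the creation time; the download is valid only if that input lies
    within `window_seconds`, otherwise it is flagged as suspicious."""
    inputs = sorted(parse_input_events(input_text), key=lambda e: e.time)
    input_times = [e.time for e in inputs]
    verdicts = []
    for ev in parse_fs_events(fs_text):
        # Only file creations by the browser are download candidates.
        if ev.process.lower() != process or ev.operation != "CreateFile":
            continue
        idx = bisect_right(input_times, ev.time) - 1  # latest input not after ev.time
        if idx < 0:
            verdicts.append(Verdict(ev.path, True, None, None))
            continue
        lag = (ev.time - inputs[idx].time).total_seconds()
        verdicts.append(Verdict(ev.path, lag > window_seconds, lag, inputs[idx].target))
    return verdicts


if __name__ == "__main__":
    for v in flag_downloads(FS_EVENTS, INPUT_EVENTS):
        status = "SUSPICIOUS" if v.suspicious else "ok"
        print(f"{status:10s} {v.path}  lag={v.lag_seconds}  click={v.matched_target}")
```

With the constructed data, `report.pdf` and `setup.exe` follow clicks by 3.12 s and 6.5 s and pass; `upd8.exe` appears 87 s after the last click and is flagged; the `explorer.exe` event is ignored because it was not created by the browser.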

8
- Windows is not compromised
- Firefox and tlogger are not compromised
- No file overwrites occur in any file downloads
- File creation occurs in legitimate downloads within a short time of the user input that initiated it

9
- Want to test:
  - Effectiveness of the solution
    - Particularly false positive/negative rates
  - Performance and usability
    - Overhead on the system
    - Whether it is obtrusive to the user
- Will do both:
  - User study
  - Partially automated testing

10
- Authenticating the user input
- Trusted Platform Module (TPM) can be used
- Making the input logger platform independent
- Test on both real-world techniques and synthesized ones
- Find better input to track
- Find some way to track the user clicking the 'Save File' button

11
- Thanks to:
  - Mentor Danfeng Yao
  - Qiang Ma
  - DIMACS Faculty

