Alex Crowell, Rutgers University Computer Science and Mathematics Advisor: Prof. Danfeng Yao, Computer Science Department.


- Drive-by-download: when visiting a URL causes malware to be installed on a computer
- Most approaches to detecting drive-by-downloads focus only on server-side solutions or browser security
- We can use the user's input to validate each download when it occurs

- Implemented on Windows
  - Popular; most drive-by-downloads on Windows
  - Has convenient tool for monitoring file system events (Process Monitor)
  - Closed source; parts of API unavailable
- We used the Firefox extension tlogger to handle user input
- Wrote a program that takes the file system data from ProcMon and user action data from tlogger and flags any 'suspicious' downloads

- ProcMon doesn't save its data in real-time
- minispy is a sample program supplied with the Windows Driver Kit that works just like ProcMon
- Some websites redirect through a chain of pages before reaching the download (e.g. download.com)
- In practice, there is a long lag time between a link click and file creation
- It may not be possible to track the user clicking the 'Save File' button

[Diagram: general architecture. Labels: User, Kernel, DBD Analyzer, Web Browser, Input Monitor, File System Monitor, Operating System]

[Diagram: implemented architecture. Labels: User, Kernel, DBD Analyzer, Firefox, tlogger, Modified minispy, Windows &]

- Watches, using ProcMon/minispy, for the creation of files by Firefox
- When a file is created by Firefox, the analyzer searches through the entries in the tlogger data file for a corresponding user input
- As long as the input occurred within a time limit from the file creation, it is a valid download
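The correlation step described above, as an added example that is not the presenter's analyzer: it matches browser file creations against user inputs inside a time window and flags the rest. The two log formats are constructed and simplified, `parse` and `flag_suspicious` are hypothetical names, and it assumes the input must precede the file creation.

```python
from datetime import datetime, timedelta

# Constructed sample logs (simplified; not real ProcMon/minispy or tlogger output).
# File system monitor, one event per line: time|process|operation|path
FS_LOG = """\
10:00:05.200|firefox.exe|CreateFile|C:\\Users\\u\\Downloads\\report.pdf
10:00:09.000|explorer.exe|CreateFile|C:\\Users\\u\\Desktop\\notes.txt
10:03:40.500|firefox.exe|CreateFile|C:\\Users\\u\\AppData\\Local\\Temp\\upd.exe
10:05:02.000|firefox.exe|CreateFile|C:\\Users\\u\\Downloads\\setup.exe
"""
# Input monitor, one user action per line: time|event|target
INPUT_LOG = """\
10:00:03.900|click|http://example.test/report.pdf
10:04:50.000|click|http://example.test/download
"""

def parse(log):
    """Split each 'time|field|...' line into (datetime, field, ...)."""
    rows = []
    for line in log.splitlines():
        ts, *fields = line.split("|")
        rows.append((datetime.strptime(ts, "%H:%M:%S.%f"), *fields))
    return rows

def flag_suspicious(fs_log, input_log, browser="firefox.exe", window_s=5.0):
    """Return paths the browser created with no user input in the
    preceding window_s seconds (hypothetical helper, not the analyzer's API)."""
    input_times = [t for t, _event, _target in parse(input_log)]
    window = timedelta(seconds=window_s)
    flagged = []
    for t, proc, op, path in parse(fs_log):
        if proc.lower() != browser or op != "CreateFile":
            continue  # only file creations by the monitored browser matter
        # Valid download: some input happened at most `window` before creation.
        if not any(timedelta(0) <= t - ti <= window for ti in input_times):
            flagged.append(path)
    return flagged

if __name__ == "__main__":
    # 5 s flags the slow redirect-chain download; 300 s misses the silent drop.
    for w in (5, 15, 300):
        print(w, flag_suspicious(FS_LOG, INPUT_LOG, window_s=w))
```

With the constructed data, a 5-second window flags the legitimate `setup.exe` download that arrived 12 seconds after its click, while a 300-second window accepts `upd.exe`, which no click initiated.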

- Windows is not compromised
- Firefox and tlogger are not compromised
- No file overwrites occur in any file downloads
- File creation occurs in legitimate downloads within a short time of the user input that initiated it

- Want to test:
  - Effectiveness of solution
    - Particularly false positive/negative rates
  - Performance and Usability
    - Overhead on system
    - Whether it is obtrusive to the user
- Will do both:
  - User study
  - Partially automated testing

- Authenticating the user input
  - Trusted Platform Module (TPM) can be used
- Making input logger platform independent
- Test on both real-world techniques and synthesized ones
- Find better input to track
- Find some way to track the user's clicking the 'Save File' button

- Thanks to:
  - Mentor Danfeng Yao
  - Qiang Ma
  - DIMACS Faculty