TY - GEN
T1 - A new technique for counteracting web browser exploits
AU - Min, Byungho
AU - Varadharajan, Vijay
PY - 2013
Y1 - 2013
N2 - Over the last few years, exploit kits have been increasingly used for system compromise and malware propagation. As they target the web browser, which is one of the most commonly used pieces of software in the Internet era, exploit kits have become a major concern of the security community. In this paper, we propose a proactive approach to protecting vulnerable systems from this prevalent cyber threat. Our technique intercepts communications between the web browser and web pages, and proactively blocks the execution of exploit kits using version information of web browser plugins. Our system, AFFAF, is a zero-configuration solution, and hence users do not need to do anything but install it. Also, it is an easy-to-employ methodology from the perspective of plugin developers. We have implemented a lightweight prototype, which has demonstrated that AFFAF-protected vulnerable systems can counteract 50 real-world and one locally deployed exploit kit URLs. Tested exploit kits include popular and well-maintained ones such as Blackhole 2.0, Redkit, Sakura, Cool and Bleeding Life 2. We have also shown that the false positive rate of AFFAF is virtually zero, and it is robust enough to be effective against real web browser plugin scanners.
UR - http://www.scopus.com/inward/record.url?scp=84903537350&partnerID=8YFLogxK
U2 - 10.1109/ASWEC.2014.28
DO - 10.1109/ASWEC.2014.28
M3 - Conference proceeding contribution
AN - SCOPUS:84903537350
SN - 9781479931491
T3 - Australian Software Engineering Conference
SP - 132
EP - 141
BT - ASWEC 2014
PB - Institute of Electrical and Electronics Engineers (IEEE)
CY - Los Alamitos, CA
T2 - 23rd Australasian Software Engineering Conference, ASWEC 2014
Y2 - 7 April 2014 through 10 April 2014
ER -