A simple and novel technique for counteracting exploit kits

Byungho Min*, Vijay Varadharajan

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding; Conference proceeding contribution; peer-review

2 Citations (Scopus)

Abstract

Exploit kits have become a major cyber threat over the last few years. They are widely used in both massive and highly targeted cyber attack operations. The exploit kits make use of multiple exploits for major web browsers like Internet Explorer and popular browser plugins such as Adobe Flash and Reader. In this paper, a proactive approach to preventing this prevalent cyber threat from triggering its exploits is proposed. The suggested new technique, called AFFAF, proactively protects vulnerable systems using a fundamental characteristic of the exploit kits. Specifically, it utilises version information of web browsers and browser plugins. AFFAF is a zero-configuration solution, which means that users do not need to configure anything after installing it. In addition, it is an easy-to-employ methodology from the perspective of plugin developers. We have implemented a lightweight prototype and have shown that AFFAF-enabled vulnerable systems can counteract 50 real-world and one locally deployed exploit kit URLs. Tested exploit kits include popular and well-maintained ones such as Blackhole 2.0, Redkit, Sakura, Cool and Bleeding Life 2. We have also demonstrated that the false positive rate of AFFAF is virtually zero, and it is robust enough to be effective against real web browser plugin scanners.

Original language: English
Title of host publication: International Conference on Security and Privacy in Communication Networks
Subtitle of host publication: 10th International ICST Conference, SecureComm 2014, Beijing, China, September 24-26, 2014, Revised Selected Papers, Part I
Editors: Jing Tian, Jiwu Jing, Mudhakar Srivatsa
Place of Publication: Cham
Publisher: Springer, Springer Nature
Pages: 259-277
Number of pages: 19
Volume: 152
ISBN (Electronic): 9783319238296
ISBN (Print): 9783319238289
Publication status: Published - 2015
Event: International Conference on Security and Privacy in Communication Networks (10th : 2014) - Beijing, China
Duration: 24 Sept 2014 to 26 Sept 2014

Publication series

Name: Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST
Volume: 152
ISSN (Print): 1867-8211
ISSN (Electronic): 1867-822X

Conference

Conference: International Conference on Security and Privacy in Communication Networks (10th : 2014)
Country/Territory: China
City: Beijing
Period: 24/09/14 to 26/09/14
