A simple client-side defense against environment-dependent web-based malware

Gen Lu, Karan Chadha, Saumya Debray
2013 2013 8th International Conference on Malicious and Unwanted Software: "The Americas" (MALWARE)  
Web-based malware tend to be environment-dependent, which poses a significant challenge on defending web-based attacks, because the malicious code, which may be exposed and activated only under specific environmental conditions such as the version of the browser, may not be triggered during analysis. This paper proposes a simple approach for defending environment-dependent malware. Instead of increasing analysis coverage in detector, the goal of this technique is to ensure that the client will ... the same execution path as the one examined by the detector. This technique is designed to work alongside a detector; it can handle cases existing multi-path exploration techniques are incapable of, and provides an efficient way to identify discrepancies in a JavaScript program's execution behavior in a user's environment compared to its behavior in a sandboxed detector, thereby detecting false negatives that may have been caused by environment dependencies. Experiment shows that this technique can effectively detect environment-dependent behavior discrepancy of various forms, including those seen in real malware.
doi:10.1109/malware.2013.6703694 dblp:conf/malware/LuCD13 fatcat:nedorta7svajxmvizo7jraw3dy