Abstract (English) |
Information technology is changing rapidly. Since Web 2.0 concepts were proposed in 1999, web patterns have become more diverse. With the advent of the multi-device era, many features that once required installing software on a computer have gradually been moved to cloud services to achieve cross-platform support. Although some vendors' proprietary languages, such as Flash, could meet part of the demand for presenting complex content, they impeded cross-platform development. This promoted the establishment of web standards, and JavaScript, as a standard client-side scripting language, has become increasingly important.
At present, web services are flourishing. JavaScript has become ubiquitous, so its security issues should be taken seriously. Because hacker attack techniques are constantly evolving, defending against new attack patterns in a timely and effective manner is a major topic.
We propose the CPJ mechanism, which focuses on client-side defense against JavaScript-style attacks. We integrate VirusTotal, a cloud-based security analysis service, into a browser. With the latest malware database, it can therefore analyze the behavior of a variety of JavaScript files, allowing the browser to block malicious code while the user browses the internet. |