User-Behavior Based Detection of Infection Onset

dc.contributor.author: Xu, Kui
dc.contributor.author: Yao, Danfeng (Daphne)
dc.contributor.author: Ma, Qiang
dc.contributor.author: Crowell, Alexander
dc.contributor.department: Computer Science
dc.date.accessioned: 2013-06-19T14:36:42Z
dc.date.available: 2013-06-19T14:36:42Z
dc.date.issued: 2010
dc.description.abstract: A major vector of computer infection is through exploiting software or design flaws in networked applications such as the browser. Malicious code can be fetched and executed on a victim's machine without the user's permission, as in drive-by download (DBD) attacks. In this paper, we describe a new tool called DeWare for detecting the onset of infection delivered through vulnerable applications. DeWare explores and enforces causal relationships between computer-related human behaviors and system properties, such as file-system access and process execution. Our tool can be used to provide real-time protection of a personal computer, as well as for diagnosing and evaluating untrusted websites for forensic purposes. Besides the concrete DBD detection solution, we also formally define causal relationships between user actions and system events on a host. Identifying and enforcing correct causal relationships has important applications in realizing advanced and secure operating systems. We perform extensive experimental evaluation, including a user study with 21 participants, thousands of legitimate websites (for testing false alarms), as well as 84 malicious websites in the wild. Our results show that DeWare is able to correctly distinguish legitimate download events from unauthorized system events with a low false positive rate (< 1%).
dc.format.mimetype: application/pdf
dc.identifier: http://eprints.cs.vt.edu/archive/00001122/
dc.identifier.sourceurl: http://eprints.cs.vt.edu/archive/00001122/01/paper-dbd.pdf
dc.identifier.trnumber: TR-10-09
dc.identifier.uri: http://hdl.handle.net/10919/19383
dc.language.iso: en
dc.publisher: Department of Computer Science, Virginia Polytechnic Institute & State University
dc.rights: In Copyright
dc.rights.uri: http://rightsstatements.org/vocab/InC/1.0/
dc.subject: Operating systems
dc.subject: Networking
dc.title: User-Behavior Based Detection of Infection Onset
dc.type: Technical report
dc.type.dcmitype: Text

Files

Original bundle
Name: paper-dbd.pdf
Size: 584.1 KB
Format: Adobe Portable Document Format