Annual Computer Security Applications Conference (ACSAC) 2014


JShield: Towards Real-time and Vulnerability-based Detection of Polluted Drive-by Download Attacks


Drive-by download attacks, which exploit vulnerabilities in web browsers to take control of client computers, have become a major venue for attackers. In this paper, we propose a vulnerability-based approach, namely JShield, which uses a novel opcode vulnerability signature, a deterministic finite automaton (DFA) with a variable pool at the opcode level, to match drive-by download vulnerabilities. JShield is able to match all the JavaScript engine vulnerabilities of web browsers from 2009 to 2014, as well as those of Portable Document Format (PDF) readers from 2007 to 2014.

Author(s):

Yinzhi Cao    
Columbia University
United States

Xiang Pan    
Northwestern University
United States

Yan Chen    
Northwestern University
United States

Jianwei Zhuge    
Tsinghua University
China

 
