Title :
HoneyAgent: Detecting malicious Java applets by using dynamic analysis
Author :
Gassen, Jan ; Chapman, Jonathan P.
Author_Institution :
Fraunhofer FKIE, Bonn, Germany
Abstract :
Malicious Java applets are widely used to deliver malicious software to remote systems. In this work, we present HoneyAgent which allows for the dynamic analysis of Java applets, bypassing common obfuscation techniques. This enables security researchers to quickly comprehend the functionality of an examined applet and to unveil malicious behavior. In order to trace the behavior of a sample as far as possible, HoneyAgent is further able to simulate various vulnerabilities allowing analysts for example to identify the malware that should finally be installed by the applet. In our evaluation, we show that HoneyAgent is able to reliably detect malicious applets used by common exploit kits with no false positives. By using a combination of heuristics as well as signatures applied to observed method invocations, HoneyAgent is further able to identify exploited common vulnerabilities and exposures in many cases.
Keywords :
Java; distributed processing; invasive software; system monitoring; HoneyAgent; dynamic analysis; malicious Java applet detection; malicious behavior; malicious software; obfuscation techniques; remote systems; security researchers; Arrays; Java; Malware; Runtime; Software; Web pages;
Conference_Titel :
Malicious and Unwanted Software: The Americas (MALWARE), 2014 9th International Conference on
Conference_Location :
Fajardo, PR
Print_ISBN :
978-1-4799-7328-6
DOI :
10.1109/MALWARE.2014.6999402
