Title : 
Detecting heap-spray attacks in drive-by downloads: Giving attackers a hand
         
        
            Author : 
Van Lam Le ; Welch, Ian ; Xiaoying Gao ; Komisarczuk, Peter
         
        
            Author_Institution : 
Sch. of Eng. & Comput. Sci., Victoria Univ. of Wellington, Wellington, New Zealand
         
        
        
        
        
        
            Abstract : 
In the anatomy of drive-by download attacks, one of the key steps is to place malicious code (shellcode) in the memory of the browser process. There are two common techniques to carry out this task: stack-based and heap-based injection. However, the introduction of stack protection makes stack-based injection harder to carry out successfully, and heap-based injections have become common methods of delivering shellcode to the heap memory of web browsers. This paper presents the role of heap-spray in drive-by download attacks. We propose a new detection mechanism which causes the shellcode in a heap-spray to be executed in order to detect drive-by download attacks. The solution benefits not only the detection of drive-by download attacks but also the analysis of malware behavior.
         
        
            Keywords : 
invasive software; online front-ends; Web browsers; browser process; detection mechanism; drive-by download attack; heap-based injection technique; heap-spray attacks detection; malicious code; malware behavior; shellcode; stack protection; stack-based injection technique; Browsers; Educational institutions; Internet; Malware; Monitoring; Resource management; Web pages; Drive-by-download; Internet Security; malicious web page;
         
        
        
        
            Conference_Title : 
Local Computer Networks (LCN), 2013 IEEE 38th Conference on
         
        
            Conference_Location : 
Sydney, NSW
         
        
        
            Print_ISBN : 
978-1-4799-0536-2
         
        
        
            DOI : 
10.1109/LCN.2013.6761254