Title :
Detecting Code Injection Attacks in Internet Explorer
Author :
Anderson, Blake ; Quist, Daniel ; Lane, Terran
Author_Institution :
Los Alamos Nat. Lab., Los Alamos, NM, USA
Abstract :
Code injection vulnerabilities are a major threat to Internet security. The ability for a malicious website to install malware on a host using these vulnerabilities without its knowledge is particularly menacing. In this paper, we approach this problem from a new perspective by constructing a Markov chain graph from the system calls Internet Explorer executes and then modeling this graph over time. We apply a Gaussian process change-point algorithm to detect code injection attacks. To show the efficacy of this approach, we collect a novel dataset of system call traces of 6 code injection attacks using 3 distinct exploits against the Internet Explorer browser. Our algorithm was able to detect all of the code injection attacks with a limited number of false positives.
Keywords :
Gaussian processes; Markov processes; invasive software; online front-ends; Gaussian process change-point algorithm; Internet Explorer; Internet security; Markov chain graph; code injection attack detection; code injection vulnerability; malicious Web site; malware; Browsers; Detection algorithms; Gaussian processes; Internet; Kernel; Markov processes; Virtual machining; Code Injection; Graph Kernels; Malware Detection; Support Vector Machines;
Conference_Title :
Computer Software and Applications Conference Workshops (COMPSACW), 2011 IEEE 35th Annual
Conference_Location :
Munich
Print_ISBN :
978-1-4577-0980-7
Electronic_ISBN :
978-0-7695-4459-5
DOI :
10.1109/COMPSACW.2011.25