Real-Time Malicious Script Blocking Technology at the Host-Level
Due to the diversity of mobile devices, interests have been increased towards HTML5, the next generation’s web standard which pursues cross platform. To play media files or process 3D graphics in previous HTML environments, users had to install non-standard plug-ins such as Silverlight or Active X. On the other hand, HTML5 provides new tag functions of audio, video etc and new java script functions of Websocket, Geolocation API etc to substitute non-standard technologies such as Active X. To use such functions of HTML5, web browser developers are competitively applying HTML5 to their browsers, making the active conversion to HTML5 a global trend of today. Along with such trend, however, the risk of new cyber attacks taking advantage of java scripts, the key function of HTML5, is also increasing. Cyber attacks based on scripts can trigger vicious actions when the user just accesses web pages inserted with vicious scripts, and thus there are limits in detection using previous security technologies. This paper proposes a technology which collects and analyzes HTTP traffic generated through web browsers at host level to detect and block vicious scripts.
KeywordsMalicious Code Analysis Agent Host Level Java Script Cross Site Script
Unable to display preview. Download preview PDF.
- 1.W3C, “HTML5 Standard”, April 20 2015, http://www.w3.org/standards
- 2.Gartner, “Gartner Identifies Top 10 Mobile Technologies and Capabilities for 2015 and 2016”, February 24 2014.Google Scholar
- 3.KISA, WebCheck. Available: http://webcheck.kisa.or.kr
- 4.McAfee. SiteAdviser. Available : http://www.siteadvisor.com
- 5.Young-wook Lee, Dong-jae Jeong, Sang-hoon Jeon, and Chae-ho Im, “Design and Implementation of Web-browser based Malicious behavior Detection System(WMDS)” Journal of Information Security & Cryptology June, 2012Google Scholar
- 6.Tinyproxy, https://tinyproxy.github.io/
- 7.YARA Documentation, http://yara.readthedocs.org/en/latest/index.html
- 8.Chrome V8, https://developers.google.com/v8