Finding Malware on a Web Scale

Livshits, Benjamin

doi:10.1007/978-3-642-33704-8_1

Benjamin Livshits¹⁸

Part of the book series: Lecture Notes in Computer Science ((LNCCN,volume 7531))

Included in the following conference series:

International Conference on Mathematical Methods, Models, and Architectures for Computer Network Security

2053 Accesses
1 Citations

Abstract

In recent years, attacks that exploit vulnerabilities in browsers and their associated plugins have increased significantly. These attacks are often written in JavaScript and millions of URLs contain such malicious content.

Over the last several years, we have created a series of techniques designed to detect and prevent malicious software or malware. These techniques focus on detecting malware that infects web pages. Much of this research has been done in close collaboration with a major search engine, Bing, which is interested in making sure it does not present malicious results to its users, independently of the user’s browser, location, or operating system. As such, detection needs to be as general and wide-reaching as possible. While some of the techniques summarized below can be deployed within a web browser, our primary deployment model involves crawling the web in an effort to find and blacklist malicious pages.

In the rest of this paper, we will summarize three related projects: Nozzle, Zozzle, and Rozzle. Nozzle is a runtime malware detector. Zozzle is a a mostly static malware detector. Finally, Rozzle is a de-cloacking technique that amplifies both.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 39.99; Price excludes VAT (USA)

Softcover Book: USD 54.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

Curtsinger, C., Livshits, B., Zorn, B., Seifert, C.: Zozzle: Low-overhead mostly static JavaScript malware detection. In: Proceedings of the Usenix Security Symposium (August 2011)
Google Scholar
Kolbitsch, C., Livshits, B., Zorn, B., Seifert, C.: Rozzle: De-cloaking internet malware. In: IEEE Symposium on Security and Privacy (May 2012)
Google Scholar
Ratanaworabhan, P., Livshits, B., Zorn, B.: Nozzle: A defense against heap-spraying code injection attacks. In: Proceedings of the Usenix Security Symposium (August 2009)
Google Scholar

Download references

Author information

Authors and Affiliations

Microsoft Research, USA
Benjamin Livshits

Authors

Benjamin Livshits
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

St. Petersburg Institute for Informatics and Automation, Russian Academy of Science, 39, 14th Liniya, 199178, St.-Petersburg, Russia
Igor Kotenko
Binghamton University (SUNYI), 13902, Binghamton, NY, USA
Victor Skormin

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Livshits, B. (2012). Finding Malware on a Web Scale. In: Kotenko, I., Skormin, V. (eds) Computer Network Security. MMM-ACNS 2012. Lecture Notes in Computer Science, vol 7531. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-33704-8_1

Download citation

DOI: https://doi.org/10.1007/978-3-642-33704-8_1
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-33703-1
Online ISBN: 978-3-642-33704-8
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics