|![[Search]](https://talks.cam.ac.uk/images/search.gif?1209136071)
|![[A-Z Index]](https://talks.cam.ac.uk/images/az.gif?1209136071)
|![[Contact]](https://talks.cam.ac.uk/images/contact.gif?1209136071)
||![[University of Cambridge]](https://talks.cam.ac.uk/images/identifier2.gif?1209136071){kind=small} |
COOKIES: By using this website you agree that we can place Google Analytics Cookies on your device for performance monitoring. | ![[Talks.cam]](https://talks.cam.ac.uk/images/talkslogosmall.gif?1209136071) |
Rozzle: De-Cloaking Internet MalwareAdd to your list(s) Download to your calendar using vCal
If you have a question about this talk, please contact Peter Sewell. In recent years, attacks that exploit vulnerabilities in browsers and their associated plugins have increased significantly. These attacks are often written in JavaScript and literally millions of URLs contain such malicious content. While static and runtime methods for malware detection been proposed in the literature, both on the client side, for just-in-time in-browser detection, as well as offline, crawler-based malware discovery, these approaches encounter the same fundamental limitation. Web-based malware tends to be environment-specific, targeting a particular browser, often attacking specific versions of installed plugins. This targeting occurs because the malware exploits vulnerabilities in specific plugins and fail otherwise. As a result, a fundamental limitation for detecting a piece of malware is that malware is triggered infrequently, only showing itself when the right environment is present. In fact, using current fingerprinting techniques, just about any piece of existing malware may be made virtually undetectable with the current generation of malware scanners. We propose Rozzle, a JavaScript multi-execution virtual machine, as a way to explore multiple execution paths within a single execution, designed for environment-specific malware to reveal itself. Using large-scale experiments, we show that Rozzle increases the detection rate for offline runtime detection by almost seven times. We show that Rozzle incurs virtually no runtime overhead and allows us to replace multiple VMs running different browser configurations with a single Rozzle-enabled browser, reducing the hardware requirements, network bandwidth, and power consumption. This talk is part of the REMS lunch series. This talk is included in these lists:
Note that ex-directory lists are not shown. |
Other listsEngineers Without Borders Panel Talks 'Love and Revolution' reading group Cambridge Medieval Art Seminar Series Isaac Newton Institute Seminar Series Isaac Newton Institute Seminar Series Darwin SocietyOther talksAutumn Cactus & Succulent Show Primate tourism: opportunities and challenges Ramble through my greenhouse and Automation The Ethical and Legal Elements of Capacity and Consent Parkinson's Rehabilitation using interactive Dance Technology |
Wednesday 16 September 2015, 13:00-14:00