Measurement Research to the Web Calamity's Rescue - Gregory BLANC - PowerPoint PPT Presentation


1. Measurement Research to the Web Calamity's Rescue
Gregory BLANC, Internet Engineering Laboratory, Nara Institute of Science and Technology (WIDE member)
3rd CAIDA-WIDE-CASFI Measurement Workshop, April 24-25, 2010, Osaka
Sunday, April 25, 2010

2. What does measurement do?
• CAIDA: malicious activity analysis, traffic classification, data sharing
• CASFI: performance measurement, traffic analysis, data sharing
• WIDE-mawi: DNS behavior analysis, traffic measurement, data sharing
• overall: deploying probes at the network layer and measuring traffic characteristics

3. What does measurement do? (from the leaders)
• Kenjiro CHO ~ "AJAX generates a lot of traffic"
• Brad HUFFAKER ~ "HTTP is king"
• Sue MOON ~ "The Web admin left"

4. What can measurement do?
• distinguishing applications alone won't help
• we need to look deeper into the application layer
• draw statistics of what is actually flowing
• collect samples of what interests us

5. Common Issues in Web Security Research
• we often encounter issues when evaluating proposals (systems):
  • lack of datasets: nothing to play with
  • homogeneous datasets: too much of the same thing
  • outdated datasets: remember the KDD Cup 1999?
  • unbalanced datasets: might not be representative of reality

6. Existing methods to collect JS samples (1): crawling
• merits
  • automated
  • can collect loads of data
• demerits
  • does not understand AJAX
  • cannot accurately mimic the user
  • target site should be wisely chosen
• JS may represent only a small percentage of the crawled content
  • solution: targeting blacklisted websites, user contribution
• Example: crawler.archive.org

7. Existing methods to collect JS samples (2): analysis website
• merits
  • only malicious JS
  • often deobfuscated
  • available online
• demerits
  • size depends on user contribution
  • dataset is not varied enough
  • data is not always available
• solution: to encourage sharing, but it will be limited to what users would want to contribute
• Examples: wepawet.cs.ucsb.edu, jsunpack.jeek.org

8. No solution in the wild (1)
• we do not capture malicious JS because it is volatile in nature:
  • volatility
  • obfuscation
  • transience
  • duplication
  • redirection
  • application layer
  • silent bidirectional communication

9. No solution in the wild (2)
• no efficient crawlers
• no attractive sharing platforms
• small user contribution
• new ways to get samples in the wild:
  • network probes with deep packet inspection -> overhead
  • browser monitoring -> privacy
  • logs

10. JS measurement
• what to measure? is it measurable?
• degree of obfuscation of benign Web 2.0 traffic: obfuscation does not indicate maliciousness
• spread of JS malware: Samy was fast but noisy
• JS malware code collection: overall lack of reliable datasets
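As an added example (not part of the original slides), the JavaScript below sketches what a "degree of obfuscation" measurement over collected JS samples could look like, using surface lexical features of the kind the classification papers cited on slide 20 rely on. The feature set, the thresholds in the score and the three sample snippets are assumptions constructed for this illustration. A minified but benign snippet ends up with the same score as the obfuscated one, which is exactly the slide's caveat: obfuscation-like features alone do not indicate maliciousness.

```javascript
// Added example (not from the slides): crude lexical features for a
// "degree of obfuscation" measurement over JS samples. Feature names,
// thresholds and the three sample snippets are my own constructions.

// Shannon entropy (bits per character) of a string.
function shannonEntropy(s) {
  if (s.length === 0) return 0;
  const counts = new Map();
  for (const ch of s) counts.set(ch, (counts.get(ch) || 0) + 1);
  let h = 0;
  for (const n of counts.values()) {
    const p = n / s.length;
    h -= p * Math.log2(p);
  }
  return h;
}

// Extract a handful of surface features from JS source text.
function obfuscationFeatures(src) {
  const strings = src.match(/"(?:[^"\\]|\\.)*"|'(?:[^'\\]|\\.)*'/g) || [];
  const longestString = strings.reduce((m, s) => Math.max(m, s.length - 2), 0);
  const suspiciousCalls = (src.match(/\b(eval|unescape|fromCharCode|document\.write)\b/g) || []).length;
  const hexEscapes = (src.match(/\\x[0-9a-fA-F]{2}|%[0-9a-fA-F]{2}/g) || []).length;
  const nonAlnumRatio = (src.match(/[^A-Za-z0-9\s]/g) || []).length / src.length;
  const identifiers = src.match(/[A-Za-z_$][A-Za-z0-9_$]*/g) || [];
  const avgIdentifierLen = identifiers.length
    ? identifiers.reduce((a, w) => a + w.length, 0) / identifiers.length
    : 0;
  return { entropy: shannonEntropy(src), longestString, suspiciousCalls, hexEscapes, nonAlnumRatio, avgIdentifierLen };
}

// Heuristic score: number of features past an (assumed) threshold.
// Entropy is reported but deliberately left out of the score.
function obfuscationScore(f) {
  let s = 0;
  if (f.suspiciousCalls >= 2) s++;
  if (f.hexEscapes >= 4) s++;
  if (f.longestString >= 200) s++;
  if (f.nonAlnumRatio > 0.35) s++;
  if (f.avgIdentifierLen < 3) s++;
  return s;
}

// Constructed samples: readable benign code, minified benign code, and an
// eval/unescape loader that decodes to alert(1).
const PLAIN = `function greet(name) {
  return "Hello, " + name;
}
`;
const MINIFIED = `!function(e,t){var n=e.length,r=[];for(var i=0;i<n;i++)r.push(t(e[i]));return r}([1,2,3],function(e){return e*2});`;
const OBFUSCATED = `eval(unescape("%61%6c%65%72%74%28%31%29"));var _0x1a=String.fromCharCode(104,105);`;

const SAMPLES = { PLAIN, MINIFIED, OBFUSCATED };

// Score every sample; returns {name: score} so the result can be inspected.
function scoreSamples() {
  const out = {};
  for (const [name, src] of Object.entries(SAMPLES)) {
    out[name] = obfuscationScore(obfuscationFeatures(src));
  }
  return out;
}

console.log(scoreSamples());
```

The minified sample triggers the punctuation-density and short-identifier features, the loader triggers the suspicious-call and hex-escape features, and both land on the same score, so a threshold on such a score would flag a great deal of ordinary Web 2.0 traffic. Measuring how benign traffic scores is the baseline the slide asks for before "obfuscated" can be read as "malicious".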

11. Web 2.0
• not only a buzzword
• paradigm shift:
  • shift in the development
  • shift in the usage

12. Development Shift
• Rich Internet Applications (desktop)
• Asynchronous Communication
• Cross-domain Interaction
• Web Services

13. Usage Shift
• Software Consumption
• Collaboration/Participation
• Content Sharing
• Syndication/Aggregation
• Social Networking

14. Browser Model Shift
• To cope with the Web 2.0 offer, the browser model has also changed:
  • plugins (Flash)
  • APIs (Ajax, custom, etc.)
  • interconnection (ActiveX, JavaVM)


16. User is the new victim
This new browser model provides a better user experience, but it also gives the attacker a wider attack surface:
• server side: too many websites with too many inputs to validate or control
• client side: the user is left defenseless, even against popular sites deemed benign
Attackers prefer to concentrate on the most vulnerable target, the end user: phishing, drive-by attacks, etc.

17. JS malware (1)
• JS is a dynamic, prototype-based, event-driven scripting language
• a good tool for programming elaborate automated scripts that can do massive harm
• JS malware: observed and defined by several security researchers (Brian Hoffman, Jeremiah Grossman, Martin Johns, etc.)

18. JS malware (2)
• propagates like conventional malware
• broad category grouping JS-based malicious code
• PoC: XSS tunnel/proxy/botnet
• in-the-wild examples: BeEF, BrowserRider, XSS-proxy, Samy worm, Yamanner

19. Strengths of JS Malware
• 1) stealth: the property of going unnoticed by both the user and the server
  • use of the XHR object
• 2) polymorphism: the ability to change its form dynamically to evade signatures
  • use of prototype hijacking
• 3) obfuscation

20. JavaScript Analysis
• dynamic execution [Moshchuk'07]
• static/dynamic tainting [Vogt'07]
• control flow graph [Guha'09]
• semantics [Hou'08]
• machine-learning based [Choi'09, Hou'10, Likarish'09]

21. JavaScript Deobfuscation
• manual deobfuscation
• semi-automated (Malzilla)
• anti-analysis tricks:
  • recursive obfuscation
  • anti-crawling traps
  • arguments.callee (the code reads its own source and breaks if it was modified)
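As an added example (not part of the original slides), the following JavaScript shows the self-referential trick behind the arguments.callee item above: the decoder derives its XOR key from the text of its own source, so any edit an analyst makes while deobfuscating by hand (re-indenting, inserting a trace, renaming a variable) changes the key and the payload decodes to garbage. The payload, the hash and the key scheme are constructed for this demonstration and are not taken from a real sample; the "second stage" is just the string alert(1).

```javascript
// Added example (not from the slides): a self-keyed decoder of the kind that
// defeats manual deobfuscation. Hash, payload and key scheme are constructed
// for this demo, not taken from a real sample.

// 32-bit FNV-1a over a string; must match the copy inside DECODER_BODY.
function keyFromSource(src) {
  let h = 0x811c9dc5;
  for (let i = 0; i < src.length; i++) {
    h ^= src.charCodeAt(i);
    h = Math.imul(h, 0x01000193) >>> 0;
  }
  return h;
}

// XOR a string with the four key bytes, returning the byte array a sample
// would ship as a numeric array literal.
function xorEncode(text, key) {
  const k = [key & 255, (key >>> 8) & 255, (key >>> 16) & 255, (key >>> 24) & 255];
  return Array.from(text, (ch, i) => ch.charCodeAt(0) ^ k[i % 4]);
}

// Body of the self-keyed decoder as malware would ship it. It is built with
// the Function constructor because such functions are always sloppy-mode,
// so arguments.callee is available even if this file runs as a strict module.
const DECODER_BODY = [
  "var src = arguments.callee.toString();",
  "var h = 0x811c9dc5;",
  "for (var i = 0; i < src.length; i++) { h ^= src.charCodeAt(i); h = Math.imul(h, 0x01000193) >>> 0; }",
  "var k = [h & 255, (h >>> 8) & 255, (h >>> 16) & 255, (h >>> 24) & 255];",
  "var out = '';",
  "for (var j = 0; j < payload.length; j++) out += String.fromCharCode(payload[j] ^ k[j % 4]);",
  "return out;",
].join("\n");

const decoder = new Function("payload", DECODER_BODY);

// The attacker encodes against the exact source text of the shipped decoder
// (decoder.toString() is what arguments.callee.toString() returns inside it).
const PLAINTEXT = "alert(1)"; // stand-in for the real second stage
const PAYLOAD = xorEncode(PLAINTEXT, keyFromSource(decoder.toString()));

// What a manual deobfuscation step does: the analyst touches the function
// (here only a harmless comment line is added) and re-runs it.
const editedDecoder = new Function("payload", "// analyst note\n" + DECODER_BODY);

// Run the untouched and the edited decoder on the same payload.
function runDemo() {
  return { original: decoder(PAYLOAD), edited: editedDecoder(PAYLOAD) };
}

console.log(runDemo());
```

The untouched decoder yields alert(1); the edited copy yields a different string because its source text, and therefore its key, no longer matches. The analyst's way around it is to leave the function text alone and instead hook what it calls (for example replace eval or document.write with a logger before the sample runs), which is how semi-automated tools avoid the trap.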

22. Conclusion
• our research area suffers from a great lack of reliable and representative data
• we have the methods and tools to carry out analysis, but no data
• measurement research has made progress not only on collection but also on efficiency
• it is time to cooperate!

23. Overture
• JavaScript is not the only matter of concern
  • VBScript, ActionScript (Flash)
• new media of propagation (SNS)
• structure of distribution websites

24. Questions / Discussion
• Thank you for your attention
• Let's start a cooperation: gregory@is.naist.jp

25. References
• [Moshchuk'07] SpyProxy: Execution-based Detection of Malicious Web Content. USENIX Security 2007.
• [Vogt'07] Cross-Site Scripting Prevention with Dynamic Data Tainting and Static Analysis. NDSS 2007.
• [Hou'08] Malicious Webpage Detection by Semantics-Aware Reasoning. ISDA 2008.
• [Choi'09] Automatic Detection for JavaScript Attacks in Web Pages through String Pattern Analysis. FGIT 2009.
• [Guha'09] Using Static Analysis for Ajax Intrusion Detection. WWW 2009.
• [Likarish'09] Malicious JavaScript Detection Using Classification Techniques. MALWARE 2009.
• [Hou'10] Malicious Web Content Detection by Machine Learning. Expert Systems with Applications, vol. 37, 2010.
