Skip to Main Content
 

Global Search Box

 
 
 
 

Files

File List

Full text release has been delayed at the author's request until December 16, 2024

ETD Abstract Container

Abstract Header

A Dynamic Analysis Framework for Classifying Malicious Webpages

Varghese, Allen
http://orcid.org/0009-0004-5337-8354
http://rave.ohiolink.edu/etdc/view?acc_num=dayton1702309597314385

Abstract Details

2023, Master of Computer Science (M.C.S.), University of Dayton, Computer Science.
In today’s interconnected digital landscape, the surge in malicious websites has caused a significant number of cyber-attacks and data breaches. These malicious entities largely employ JavaScript to execute attacks on web browsers. It is becoming increasingly apparent that attackers can evade traditional mechanisms, such as lexical analysis, content examination, and blacklists, through code obfuscation, which disguises the true intent of the code, and polymorphic or metamorphic code that alters itself with each execution. These techniques make it difficult for traditional static analysis tools to detect dynamically generated or altered code characteristics of sophisticated, evolving threats. Considering these challenges, notable research has progressed, proposing dynamic approaches that monitor JavaScript behavior in real-time. These dynamic methods can identify malicious patterns and activities, offering a significant advancement over static analysis by detecting and mitigating threats as they occur. This thesis introduces an innovative runtime analysis method for JavaScript that encompasses all JavaScript executions, including traditionally on-the-fly generated code and advanced evasion techniques. Our approach centrally applies the security reference monitor technique, which mediates JavaScript’s security-sensitive operations during execution. This includes closely monitoring function calls and property access, ensuring a thorough capture of runtime behaviors, and effectively mitigating the risk of attack, regardless of the code’s structure or the obfuscation techniques employed. We have implemented this method as an extension in the Chromium browser to intercept and log about 59 security-sensitive JavaScript operations, demonstrating its applicability in a real-world web browsing environment. To evaluate the effectiveness of our framework, we have developed a toolset to automate the execution of the Chromium browser with our extension on a large-scale raw dataset of approximately 13,900 malicious and 13,500 benign websites. We counted the number of executions of each operation for each website as features and collected approximately 27,000 labeled records to train machine learning models. Preliminary results underscore the effectiveness of our approach, pinpointing malicious JavaScript content with a promising accuracy rate.
Phu Phung (Advisor)
Zhongmei Yao (Committee Member)
Tianming Zhao (Committee Member)
Computer Science
Malware analysis, browser APIs, Javascript APIs, dynamic analysis, security, malware detection, behavioral analysis, evasion.

Recommended Citations

Citations

  • Varghese, A. (2023). A Dynamic Analysis Framework for Classifying Malicious Webpages [Master's thesis, University of Dayton]. OhioLINK Electronic Theses and Dissertations Center. http://rave.ohiolink.edu/etdc/view?acc_num=dayton1702309597314385

    APA Style (7th edition)

  • Varghese, Allen. A Dynamic Analysis Framework for Classifying Malicious Webpages. 2023. University of Dayton, Master's thesis. OhioLINK Electronic Theses and Dissertations Center, http://rave.ohiolink.edu/etdc/view?acc_num=dayton1702309597314385.

    MLA Style (8th edition)

  • Varghese, Allen. "A Dynamic Analysis Framework for Classifying Malicious Webpages." Master's thesis, University of Dayton, 2023. http://rave.ohiolink.edu/etdc/view?acc_num=dayton1702309597314385

    Chicago Manual of Style (17th edition)

dayton1702309597314385
© , all rights reserved.
This open access ETD is published by University of Dayton and OhioLINK.