SpyProxy: Execution-based Detection of MaliciousWeb Content by Alexander Moshchuk, Tanya Bragin, Damien Deville,Steven D. Gribble, Henry M. Levy
AUTHORS' DESCRIPTION
This paper explores the use of execution-based Web content analysis to protect users from Internet-borne malware. Many anti-malware tools use signatures to identify malware infections on a user’s PC. In contrast, our approach is to render and observe active Web content in a disposable virtual machine before it reaches the user’s browser, identifying and blocking pages whose behavior is suspicious. Execution-based analysis can defend against undiscovered threats and zero-day attacks. However, our approach faces challenges, such as achieving good interactive performance, and limitations, such as defending against maliciousWeb content that contains non-determinism. Read the full article
by Alexander Moshchuk, Tanya Bragin, Damien Deville,Steven D. Gribble, Henry M. Levy
AUTHORS' DESCRIPTIONThis paper explores the use of execution-based Web content analysis to protect users from Internet-borne malware. Many anti-malware tools use signatures to identify malware infections on a user’s PC. In contrast, our approach is to render and observe active Web content in a disposable virtual machine before it reaches the user’s browser, identifying and blocking pages whose behavior is suspicious. Execution-based analysis can defend against undiscovered threats and zero-day attacks. However, our approach faces challenges, such as achieving good interactive performance, and limitations, such as defending against maliciousWeb content that contains non-determinism.








