Research Article
DeCore: Detecting Content Repurposing Attacks on Clients’ Systems
@INPROCEEDINGS{10.1007/978-3-642-16161-2_12, author={Smitha Sundareswaran and Anna Squicciarini}, title={DeCore: Detecting Content Repurposing Attacks on Clients’ Systems}, proceedings={Security and Privacy in Communication Networks. 6th Iternational ICST Conference, SecureComm 2010, Singapore, September 7-9, 2010. Proceedings}, proceedings_a={SECURECOMM}, year={2012}, month={5}, keywords={Content Repurposing Malware Web 2.0 Same Origin Policy Information Flow}, doi={10.1007/978-3-642-16161-2_12} }- Smitha Sundareswaran
Anna Squicciarini
Year: 2012
DeCore: Detecting Content Repurposing Attacks on Clients’ Systems
SECURECOMM
Springer
DOI: 10.1007/978-3-642-16161-2_12
Abstract
Web 2.0 platforms are ubiquitously used to share content and personal information, which makes them an inviting and vulnerable target of hackers and phishers alike. In this paper, we discuss an emerging class of attacks, namely content repurposing attacks, which specifically targets sites that host user uploaded content on Web 2.0 sites. This latent threat is poorly addressed, if at all, by current protection systems, both at the remote sites and at the client ends. We design and develop an approach that protects from content repurposing attacks at the client end. As we show through a detailed evaluation, our solution promptly detects and stops various types of attacks and adds no overhead to the user’s local machine or browser where it resides. Further, our approach is light-weight and does not invasively monitor all the user interactions with the browser, providing an effective protection against these new and powerful attacks.