International Conference on Security and Privacy in Communication Networks. 10th International ICST Conference, SecureComm 2014, Beijing, China, September 24-26, 2014, Revised Selected Papers, Part I

Research Article

A Simple and Novel Technique for Counteracting Exploit Kits

Download
570 downloads
  • @INPROCEEDINGS{10.1007/978-3-319-23829-6_19,
        author={Byungho Min and Vijay Varadharajan},
        title={A Simple and Novel Technique for Counteracting Exploit Kits},
        proceedings={International Conference on Security and Privacy in Communication Networks. 10th International ICST Conference, SecureComm 2014, Beijing, China, September 24-26, 2014, Revised Selected Papers, Part I},
        proceedings_a={SECURECOMM},
        year={2015},
        month={11},
        keywords={Exploit kit Malware Web browser security},
        doi={10.1007/978-3-319-23829-6_19}
    }
    
  • Byungho Min
    Vijay Varadharajan
    Year: 2015
    A Simple and Novel Technique for Counteracting Exploit Kits
    SECURECOMM
    Springer
    DOI: 10.1007/978-3-319-23829-6_19
Byungho Min1,*, Vijay Varadharajan1,*
  • 1: Macquarie University
*Contact email: byungho.min@mq.edu.au, vijay.varadharajan@mq.edu.au

Abstract

Exploit kits have become a major cyber threat over the last few years. They are widely used in both massive and highly targeted cyber attack operations. The exploit kits make use of multiple exploits for major web browsers like Internet Explorer and popular browser plugins such as Adobe Flash and Reader. In this paper, a proactive approach to preventing this prevalent cyber threat from triggering their exploits is proposed. The suggested new technique called proactively protects vulnerable systems using a fundamental characteristic of the exploit kits. Specifically, it utilises of web browsers and browser plugins. is a zero-configuration solution, which means that users do not need to configure anything after installing it. In addition, it is an easy-to-employ methodology from the perspective of plugin developers. We have implemented a lightweight prototype and have shown that enabled vulnerable systems can counteract 50 real-world and one locally deployed exploit kit URLs. Tested exploit kits include popular and well-maintained ones such as Blackhole 2.0, Redkit, Sakura, Cool and Bleeding Life 2. We have also demonstrated that the false positive rate of is virtually zero, and it is robust enough to be effective against real web browser plugin scanners.