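% Workshop paper on ZDVUE, a tool that prioritizes suspicious JavaScript
% traces to surface potential zero-day vulnerabilities (see abstract).
% The auto-exported `edition` field was dropped: it only repeated the
% booktitle and would print as a bogus edition under standard styles.
% NOTE(review): the url host is not the publisher's (ACM) domain. Confirm
% that the link resolves to the intended publication page before relying
% on it, and prefer a verified DOI once one has been looked up.
@inproceedings{karanth2011zdvue,
  author    = {Karanth, Sandeep and Laxman, Srivatsan and Naldurg, Prasad and Venkatesan, Ramarathnam},
  title     = {{ZDVUE}: Prioritization of {JavaScript} Attacks To Discover New Vulnerabilities},
  booktitle = {Proceedings of the Fourth {ACM} Workshop on Artificial Intelligence and Security ({AISEC} 2011)},
  publisher = {ACM},
  year      = {2011},
  month     = oct,
  url       = {http://approjects.co.za/?big=en-us/research/publication/zdvue-prioritization-of-javascript-attacks-to-discover-new-vulnerabilities/},
  abstract  = {Malware writers are constantly looking for new vulnerabilities to exploit in popular software applications. A successful exploit of a previously unknown vulnerability, that evades state-of-the art anti-virus and intrusion-detection systems is called a zero-day vulnerability. JavaScript is a popular vehicle for testing and delivering attacks through drive-by downloads on web clients. Failed attack attempts leave traces of suspicious activity on victim machines. We present ZDVUE, a tool for automatic prioritization of suspicious JavaScript traces, which can lead to early detection of potential zero-day vulnerabilities. Our algorithm uses a combination of correlation analysis and mixture modeling for fast and robust prioritization of suspicious JavaScript samples. On data collected between June and November 2009, ZDVUE identified a new zero-day vulnerability and its variant in its top results, as well as revealed many new anti-virus signatures. ZDVUE is used in our organization on a routine basis to automatically filter, analyze, and prioritize thousands of downloaded JavaScript files, for information to update anti-virus signatures and to find new zero-day vulnerabilities.},
}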