Behavior decomposition: Aspect-level browser extension clustering and its security implications

Bin Zhao, Peng Liu

Research output: Chapter in Book/Report/Conference proceedingConference contribution

2 Scopus citations

Abstract

Browser extensions are widely used by millions of users. However, large amount of extensions can be downloaded from webstores without sufficient trust or safety scrutiny, which keeps users from differentiating benign extensions from malicious ones. In this paper, we propose an aspect-level behavior clustering approach to enhancing the safety management of extensions. We decompose an extension's runtime behavior into several pieces, denoted as AEBs (Aspects of Extension Behavior). Similar AEBs of different extensions are grouped into an "AEB cluster" based on subgraph isomorphism. We then build profiles of AEB clusters for both extensions and categories (of extensions) to detect suspicious extensions. To the best of our knowledge, this is the first study to do aspect-level extension clustering based on runtime behaviors. We evaluate our approach with more than 1,000 extensions and demonstrate that it can effectively and efficiently detect suspicious extensions.

Original languageEnglish (US)
Title of host publicationResearch in Attacks, Intrusions, and Defenses - 16th International Symposium, RAID 2013, Proceedings
Pages244-264
Number of pages21
DOIs
StatePublished - 2013
Event16th International Symposium on Research in Attacks, Intrusions, and Defenses, RAID 2013 - Rodney Bay, Saint Lucia
Duration: Oct 23 2013Oct 25 2013

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume8145 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Other

Other16th International Symposium on Research in Attacks, Intrusions, and Defenses, RAID 2013
Country/TerritorySaint Lucia
CityRodney Bay
Period10/23/1310/25/13

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • General Computer Science

Fingerprint

Dive into the research topics of 'Behavior decomposition: Aspect-level browser extension clustering and its security implications'. Together they form a unique fingerprint.

Cite this