TY - GEN
T1 - Behavior decomposition
T2 - 16th International Symposium on Research in Attacks, Intrusions, and Defenses, RAID 2013
AU - Zhao, Bin
AU - Liu, Peng
PY - 2013
Y1 - 2013
N2 - Browser extensions are widely used by millions of users. However, a large number of extensions can be downloaded from webstores without sufficient trust or safety scrutiny, which keeps users from differentiating benign extensions from malicious ones. In this paper, we propose an aspect-level behavior clustering approach to enhancing the safety management of extensions. We decompose an extension's runtime behavior into several pieces, denoted as AEBs (Aspects of Extension Behavior). Similar AEBs of different extensions are grouped into an "AEB cluster" based on subgraph isomorphism. We then build profiles of AEB clusters for both extensions and categories (of extensions) to detect suspicious extensions. To the best of our knowledge, this is the first study to do aspect-level extension clustering based on runtime behaviors. We evaluate our approach with more than 1,000 extensions and demonstrate that it can effectively and efficiently detect suspicious extensions.
AB - Browser extensions are widely used by millions of users. However, a large number of extensions can be downloaded from webstores without sufficient trust or safety scrutiny, which keeps users from differentiating benign extensions from malicious ones. In this paper, we propose an aspect-level behavior clustering approach to enhancing the safety management of extensions. We decompose an extension's runtime behavior into several pieces, denoted as AEBs (Aspects of Extension Behavior). Similar AEBs of different extensions are grouped into an "AEB cluster" based on subgraph isomorphism. We then build profiles of AEB clusters for both extensions and categories (of extensions) to detect suspicious extensions. To the best of our knowledge, this is the first study to do aspect-level extension clustering based on runtime behaviors. We evaluate our approach with more than 1,000 extensions and demonstrate that it can effectively and efficiently detect suspicious extensions.
UR - http://www.scopus.com/inward/record.url?scp=84888361187&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84888361187&partnerID=8YFLogxK
U2 - 10.1007/978-3-642-41284-4_13
DO - 10.1007/978-3-642-41284-4_13
M3 - Conference contribution
AN - SCOPUS:84888361187
SN - 9783642412837
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 244
EP - 264
BT - Research in Attacks, Intrusions, and Defenses - 16th International Symposium, RAID 2013, Proceedings
Y2 - 23 October 2013 through 25 October 2013
ER -