Hier finden Sie wissenschaftliche Publikationen aus den Fraunhofer-Instituten.

HoneyAgent: Detecting malicious java applets by using dynamic analysis

: Gassen, J.; Chapman, J.P.


Institute of Electrical and Electronics Engineers -IEEE-; IEEE Computer Society:
9th IEEE International Conference on Malicious and Unwanted Software, MALCON 2014. Proceedings : 28-30 October 2014, Fajardo, Puerto Rico, USA
Piscataway, NJ: IEEE, 2014
ISBN: 978-1-4799-7328-6 (Print)
ISBN: 978-1-4799-7329-3
International Conference on Malicious and Unwanted Software (MALCON) <9, 2014, Fajardo/Puerto Rico>
Fraunhofer FKIE ()

Malicious Java applets are widely used to deliver malicious software to remote systems. In this work, we present HoneyAgent which allows for the dynamic analysis of Java applets, bypassing common obfuscation techniques. This enables security researchers to quickly comprehend the functionality of an examined applet and to unveil malicious behavior. In order to trace the behavior of a sample as far as possible, HoneyAgent is further able to simulate various vulnerabilities allowing analysts for example to identify the malware that should finally be installed by the applet. In our evaluation, we show that HoneyAgent is able to reliably detect malicious applets used by common exploit kits with no false positives. By using a combination of heuristics as well as signatures applied to observed method invocations, HoneyAgent is further able to identify exploited common vulnerabilities and exposures in many cases.