基于浏览器扩展的Drive-by Download防御方法-《计算机技术与发展》

文章信息/Info

Title:: Method of Preventing Drive-by Download Attack Based on Browser Extension

摘要:: 基于Web的病毒感染及扩散方法，目前成为了互联网中病毒传播的主要方式。 Drive-by Download攻击是其中一种非常常见的攻击方法。文中用浏览器扩展来监控用户下载文件的活动，从而建立相应的白表。同时在内核空间安装钩子，用于阻止非用户下载文件的执行，从而有效地防御Drive-by Download攻击。文中实现了一个在Windows操作系统上，基于Firefox扩展的原型系统：DPrevent(Drive-by Download Prevent)。实验表明，该系统的误报和漏报率都为零。同时因为它本身不需要知道具体的攻击方法，因此还可以有效地防御zero-day攻击。该系统的性能开销几乎为零，优于目前这方面的各种动态防御技术。

Abstract:: Web based malware infection and propagation method becomes the main way of virus's spreading in the Internet. Drive-by Download is one of the best known ways among them. Make use of the browser extension to monitor user's download file activities,to construct the white list. In addition to this,install a hook in the kernel space to prevent unauthorized file to execute,so as to block the Drive-by Download attacks. It has implemented a prototype:DPrevent (Drive-by Download Prevent),which is based on the Firefox ex-tension,for the Microsoft Windows platform. The experiment demonstrates that,the false positive and false negative of the DPrevent are both zero. Since of the agnostic for the attack method,it can also defend the zero-day attacks. The overhead of DPrevent is almost zero, which is better than the other dynamic skills in this area.