Zhang Lan

Abstract:At present,computer viruses have already been an important issue which plagued computer system security.This paper preliminary analysis the principle of autorun.inf virus,gives effective killing methods and means of prevention to reduce the harm caused by the virus autorun.inf.

Computer Science

Hong CHEN,Weiwei YANG,Jiankun SHI,Weiqiang LIN

DOI: https://doi.org/10.16400/j.cnki.kjdkz.2015.07.086

2015-01-01

Abstract:In order to reduce the harm of the computer virus, the proposal is presented to cut off the computer virus' lifecycle based on the working principles of the computer virus. The effective strategy is to implement the defense mechanism during the design stage, the propagation phase and the operation phase with the safety education, which demonstrates it is effective to reduce the average probability of poisoning about 23%and the percentage of working hours is improved 25%in lab of uni-versities and colleges.

刘杰,刘济林

DOI: https://doi.org/10.3321/j.issn:1008-9497.2004.05.013

2004-01-01

Abstract:TEMPEST ATTACK threat on the computer information security is analyzed. The fundamental electromagnetic radiation models are set up. The information leakage problems are discussed in detail. The information eavesdropping caused by TEMPEST ATTACK from computer display units, peripherals host computer, and computer virus are investigated. Finally, some countermeasures are introduced against the TEMPEST ATTACK.

Bingnan HOU,Yan? YU,Jiashun WU

2015-01-01

Journal of Computer Applications

Abstract:Malicious Web pages that host drive-by-download exploits have become the popular means for compromising hosts and creating botnets on the Internet. In drive-by-download exploits, attackers embed malicious JavaScript code into a Web page. When a victim visits this page, the script is executed and attempts to compromise the browser or one of its plugins. This paper proposed a detection and analysis method of malicious JavasScript code based on pre-filter called JSFEA which suits for large-scale Web page detection. JSFEA used static analysis techniques to quickly examine a Web page for determining whether it”s suspicious or not. If it is determined suspicious then put it into dynamic detection. The study shows that JSFEA is able to reduce the load on a more costly dynamic analysis by more than 85%, with a low false positive rate.

Chengyu Song,Jianwei Zhuge,Xinhui Han,Zhiyuan Ye

DOI: https://doi.org/10.1145/1755688.1755705

2010-01-01

Abstract:Drive-by download attack is one of the most severe threats to Internet users. Typically, only visiting a malicious page will result in compromise of the client and infection of malware. By the end of 2008, drive-by download had already become the number one infection vector of malware [5]. The downloaded malware may steal the users' personal identification and password. They may also join botnet to send spams, host phishing site or launch distributed denial of service attacks. Generally, these attacks rely on successful exploits of the vulnerabilities in web browsers or their plug-ins. Therefore, we proposed an inter-module communication monitoring based technique to detect malicious exploitation of vulnerable components thus preventing the vulnerability being exploited. We have implemented a prototype system that was integrated into the most popular web browser Microsoft Internet Explorer. Experimental results demonstrate that, on our test set, by using vulnerability-based signature, our system could accurately detect all attacks targeting at vulnerabilities in our definitions and produced no false positive. The evaluation also shows the performance penalty is kept low.

Yinzhi Cao,Vinod Yegneswaran,Phillip Porras,Yan Chen

DOI: https://doi.org/10.1145/2046707.2093483

2011-01-01

Abstract:Worms exploiting JavaScript XSS vulnerabilities rampantly infect millions of webpages, while drawing the ire of helpless users. To date, users across all of the popular social networks, including FaceBook, MySpace, Orkut and Twitters, have been vulnerable to XSS worms. We propose PathCutter as a new approach to severing the self-propagation path of JavaScript worms. PathCutter works by blocking two critical steps in the propagation path of an XSS worm: (i) DOM access to different views at the client-side and (ii) unauthorized HTTP request to the server. As a result, although an XSS vulnerability is successfully exercised at the client, the XSS worm is prevented from successfully propagating to the would be victim's own social network page. PathCutter is effective against all of the current forms of XSS worms, including those that exploit traditional XSS, DOM-based XSS, and content sniffing XSS vulnerabilities. We demonstrate PathCutter using WordPress and perform a preliminary evaluation on a proof-of-concept JavaScript Worm.

WANG Si-si,YANG Tong,QIAO Xiang-dong,ZHAO Xiao-hua

DOI: https://doi.org/10.3969/j.issn.1006-9348.2010.03.030

2010-01-01

Abstract:With the rapid development of Internet,computer viruses are becoming increasingly rampant.There are kinds of viruses.The variants and kill-free of viruses can be easily produced with some simple tools,therefore network security line of defense is facing an increasingly severe test.ARP virus is a computer virus based on the ARP protocol loophole,which will cause local LAN communication disordering.First,the basic principles of the ARP protocol are introduced,and the ARP protocol loophole is analyzed.Second,the principle of such virus attacks is researched.Third,programming and simulation of such virus attacks are achieved,and the experiment shows that the simulation is effective.Finally,three solutions are proposed to prevent ARP attacks.

Rui-zhi TIAN,Bing MAO,Li XIE

DOI: https://doi.org/10.3969/j.issn.1673-629X.2014.02.032

2014-01-01

Abstract:Web based malware infection and propagation method becomes the main way of virus's spreading in the Internet. Drive-by Download is one of the best known ways among them. Make use of the browser extension to monitor user's download file activities,to construct the white list. In addition to this,install a hook in the kernel space to prevent unauthorized file to execute,so as to block the Drive-by Download attacks. It has implemented a prototype:DPrevent (Drive-by Download Prevent),which is based on the Firefox ex-tension,for the Microsoft Windows platform. The experiment demonstrates that,the false positive and false negative of the DPrevent are both zero. Since of the agnostic for the attack method,it can also defend the zero-day attacks. The overhead of DPrevent is almost zero, which is better than the other dynamic skills in this area.

Guangliang Yang,Jeff Huang,Guofei Gu

2019-01-01

Abstract:In this paper, we present a novel class of Android WebView vulnerabilities (called Differential Context Vulnerabilities or DCVs) associated with web iframe/popup behaviors. To demonstrate the security implications of DCVs, we devise several novel concrete attacks. We show an untrusted web iframe/popup inside WebView becomes dangerous that it can launch these attacks to open holes on existing defense solutions, and obtain risky privileges and abilities, such as breaking web messaging integrity, stealthily accessing sensitive mobile functionalities, and performing phishing attacks.Then, we study and assess the security impacts of DCVs on real-world apps. For this purpose, we develop a novel technique, DCV-Hunter, that can automatically vet Android apps against DCVs. By applying DCV-Hunter on a large number of most popular apps, we find DCVs are prevalent. Many high-profile apps are verified to be impacted, such as Facebook, Instagram, Facebook Messenger, Google News, Skype, Uber, Yelp, and U.S. Bank. To mitigate DCVs, we design a multilevel solution that enhances the security of WebView. Our evaluation on real-world apps shows the mitigation solution is effective and scalable, with negligible overhead.

ZHENG Hui,DUAN Haixin

2004-01-01

Abstract:Most of researches focus on modeling and detection of the Internet worm propagation, but in practice, the final objects are containment and elimination of Internet worm, which have not received enough research effects. In this paper, three categories of active technologies to contain Internet worm were introduced: vaccination for containing susceptible machines, forcing shutdown for containing infected machines, and bidirectional leading for containing worm spreading traffic. These technologies can be adopted to construct one or more automated Internet worm defense systems in any phase of Internet worm defense: prevention, detection, containment and elimination. Our experiment in large scale network shows that when combined with those active technologies, automated Internet worm defense systems are more effective to contain the Internet worm and to shorten the defense time.

Yanpeng Cui,Junjie Cui,Jianwei Hu

DOI: https://doi.org/10.1145/3383972.3384027

2020-02-15

Abstract:With the popularity of web technology, web applications become more increasingly vulnerable and are exposed to malicious attacks. Cross Site Scripting(XSS) is a typical attack in web applications. When a vulnerability is exploited, an attacker may perform session-hijacking, cookie-stealing, malicious redirection and malware spreading. It is essential to implement detect and defend against XSS attacks. In this paper, we focus on XSS attacks and give an introduction of its injection, detection and prevention. Firstly, we introduced the attack principle of different types of XSS, and then investigated and introduced some existing XSS detection and defense methods. In addition, we compared existing XSS detection and defense methods. Finally, we discuss existing issues and estimate future research trends.

Zhiqiang Lin,Bing Mao,Li Xie

DOI: https://doi.org/10.1109/ARES.2006.11

2006-01-01

Abstract:Many security attacks are caused by software vulnerabilities such as buffer overflow. How to eliminate or mitigate these vulnerabilities, in particular with unstoppable software, is a great challenge for security researchers and practitioners. In this paper, we propose a practical framework to immunize software security vulnerabilities on the fly. We achieve the vulnerability immunization by using a security antibody, which can be implemented independently from the protected software and is used to defend against vulnerability exploitation attacks. And we employ in-core patching technique to attach the antibody quietly into running process, and hence we neither need to re-compile nor re-execute the protected software. The effectiveness of our framework depends on the effectiveness of the antibody that is implemented by redirecting flaw functions into secure ones. As a proof of concept, we have built a prototype and applied it to prevent the software from buffer overflow attacks. Preliminary experimental results show that our framework is practical and efficient for the dynamical immunization of software security vulnerabilities.

Zhenhao Tang,Juan Zhai,Minxue Pan,Yousra Aafer,Shiqing Ma,Xiangyu Zhang,Jianhua Zhao

DOI: https://doi.org/10.1145/3238147.3238221

2018-01-01

Abstract:Modern Android malwares tend to use advanced techniques to cover their malicious behaviors. They usually feature multi-staged, condition-guarded and environment-specific payloads. An increasing number of them utilize WebView, particularly the two-way communications between Java and JavaScript, to evade detection and analysis of existing techniques. We propose Dual-Force, a forced execution technique which simultaneously forces both Java and JavaScript code of WebView applications to execute along various paths without requiring any environment setup or providing any inputs manually. As such, the hidden payloads of WebView malwares are forcefully exposed. The technique features a novel execution model that allows forced execution to suppress exceptions and continue execution. Experimental results show that Dual-Force precisely exposes malicious payload in 119 out of 150 WebView malwares. Compared to the state-of-the-art, Dual-Force can expose 23% more malicious behaviors.

Yinzhi Cao,Xiang Pan,Yan Chen,Jianwei Zhuge

DOI: https://doi.org/10.1145/2664243.2664256

2014-01-01

Abstract:Drive-by download attacks, which exploit vulnerabilities of web browsers to control client computers, have become a major venue for attackers. To detect such attacks, researchers have proposed many approaches such as anomaly-based [22, 23] and vulnerability-based [44, 50] detections. However, anomaly-based approaches are vulnerable to data pollution, and existing vulnerability-based approaches cannot accurately describe the vulnerability condition of all the drive-by download attacks. In this paper, we propose a vulnerability-based approach, namely JShield, which uses novel opcode vulnerability signature, a deterministic finite automaton (DFA) with a variable pool at opcode level, to match drive-by download vulnerabilities. We investigate all the JavaScript engine vulnerabilities of web browsers from 2009 to 2014, as well as those of portable document files (PDF) readers from 2007 to 2014. JShield is able to match all of those vulnerabilities; furthermore, the overall evaluation shows that JShield is so lightweight that it only adds 2.39 percent of overhead to original execution as the median among top 500 Alexa web sites.

Fangzhou Wu,Shutong Wu,Yulong Cao,Chaowei Xiao

2024-02-27

Abstract:With the fast development of large language models (LLMs), LLM-driven Web Agents (Web Agents for short) have obtained tons of attention due to their superior capability where LLMs serve as the core part of making decisions like the human brain equipped with multiple web tools to actively interact with external deployed websites. As uncountable Web Agents have been released and such LLM systems are experiencing rapid development and drawing closer to widespread deployment in our daily lives, an essential and pressing question arises: "Are these Web Agents secure?". In this paper, we introduce a novel threat, WIPI, that indirectly controls Web Agent to execute malicious instructions embedded in publicly accessible webpages. To launch a successful WIPI works in a black-box environment. This methodology focuses on the form and content of indirect instructions within external webpages, enhancing the efficiency and stealthiness of the attack. To evaluate the effectiveness of the proposed methodology, we conducted extensive experiments using 7 plugin-based ChatGPT Web Agents, 8 Web GPTs, and 3 different open-source Web Agents. The results reveal that our methodology achieves an average attack success rate (ASR) exceeding 90% even in pure black-box scenarios. Moreover, through an ablation study examining various user prefix instructions, we demonstrated that the WIPI exhibits strong robustness, maintaining high performance across diverse prefix instructions.

Cryptography and Security,Artificial Intelligence

SUN Le-chang,CAI Ming,JIANG Xin

DOI: https://doi.org/10.3969/j.issn.1001-3695.2007.01.060

2007-01-01

Abstract:To prevent multi networm is an urgent problem in network security field.Based on the analysis of prevention and cure technologies in existence,the intelligent system for anti internet worm is designed to multi networm.Firstly,this article gives the architecture of system,and its work flow.Secondly,the paper expounds the intelligent prevention and cure center.At last,the sort,transformation and communication of intelligent vaccine are discussed in detail.

Haibin Hu

DOI: https://doi.org/10.1063/1.4982570

2017-01-01

AIP Conference Proceedings

Abstract:Among numerous WEB security issues, SQL injection is the most notable and dangerous. In this study, characteristics and procedures of SQL injection are analyzed, and the method for detecting the SQL injection attack is illustrated. The defense resistance and remedy model of SQL injection attack is established from the perspective of non-intrusive SQL injection attack and defense. Moreover, the ability of resisting the SQL injection attack of the server has been comprehensively improved through the security strategies on operation system, IIS and database, etc.. Corresponding codes are realized. The method is well applied in the actual projects.

Ding Zhi

Abstract:This paper briefly introduces the connotations, types and features of computer virus,in the light of the prevention of the network virus, probes into the system virus prevention, the terminal users' virus prevention, and the server's virus prevention, etc., and expounds the developing tendency of the products for the network virus prevention.

Biology,Computer Science

Yongzhen Li,Gaolong Wang

DOI: https://doi.org/10.1109/ISAIEE57420.2022.00089

2022-12-01

Abstract:With the rapid development of the internet in China, we are dealing with web sites all the time, but with this comes the increasing vulnerability of various web applications. The vulnerability of web applications can be used to steal information, account theft and fraud, threatening the security of web applications. Therefore, the security detection of web applications is particularly important. This paper introduces the background of today's web application scanning technology, analyses the importance of securing web sites, and focuses on the history and future development trends of web application vulnerability scanning at home and abroad. The system is based on the OWASP Top 10 vulnerabilities of SQL injection and XSS, which have a large impact. By analysing the risks and principles of these two vulnerabilities, a scanning system is designed to run on the Windows platform.

Computer Science

闫峰冰,王兴军

DOI: https://doi.org/10.3969/j.issn.1002-8692.2010.07.021

2010-01-01

Abstract:A new Internet-based PC video content protection method is introduced. And a user behavior analysis certification system is proposed. The system is based on user history behavior, and can calculate the user credibility as certification evaluation criteria. The certification reliability is improved in this system. Meanwhile, the video block encryption algorithm and watermark are also used in this method to ensure the security.