Last-minute presentations:

14:00 - 14:30 Human-based computation: how crowd-sourcing can solve some of the trickiest security problems, Sumesh Jaiswal, Symantec
14:30 - 15:00 WebStalker - detection of malicious web pages through monitoring web browser behaviour, Minseong Kim, AhnLab

14:00 - 14:30 Human-based computation: how crowd-sourcing can solve some of the trickiest security problems, Sumesh Jaiswal, Symantec


Human-based computation (HBC) is a class of hybrid techniques where a computer program outsources certain steps of its function to humans. Normally a person asks a computer to perform a certain task and receives the result. However, not all problems can be accurately solved by computers, and this is where HBC reverses roles by giving those unsolvable parts back to humans. HBC is used by Google to label billions of images in its archives by making people play online games that actually label images for Google.

In the security space we regularly come across problems that cannot be completely solved by computers and are good candidates for HBC. This paper discusses solutions to four such problems in the security domain: phishing website identification, typo-analysis, data classification and spam identification. There are two operational models that work well with HBC: paid (such as Amazon's Mechanical Turk) and game-based (such as Google Image Labeler).

Automated methods for identifying phishing websites suffer from poor accuracy. This paper describes an HBC game that displays screenshots of genuine and suspected phishing websites to human players who accurately identify phishing websites while playing the game.

Keyboard typographical analysis is a critical step in developing statistical models to detect cyber-squatting. This requires collection and analysis of the keyboard typographical error patterns of millions of users and is an excellent problem for HBC to solve. We present an HBC-based online game that collects this data, which is ultimately used to develop probabilistic and statistical models to detect and rank URL and email typos.

Data classification based on machine-learning techniques is a task which requires humans to pre-classify a training corpus. We present this problem in the form of an HBC game that is capable of pre-classifying huge corpora in a very short period of time.

While existing anti-spam technologies easily handle textual spam, they are ineffective when it comes to image spam, VoIP spam and video spam. The fourth HBC-based game described in this paper has been designed to accurately identify such spam using real human users.

14:30 - 15:00 WebStalker - detection of malicious web pages through monitoring web browser behaviour, Minseong Kim, AhnLab


Most anti-virus programs use signature-based approaches to detect a malicious web page as well as a malicious binary file. Unfortunately, the signature-based approaches are not as effective when it comes to a malicious web page. The content of a malicious web page is armed with obfuscation or transformation so that it can disguise itself easily and evade detection. It is becoming a challenging problem which most anti-virus vendors are facing.

In this paper, we propose a novel approach called WebStalker to monitor web browser behaviour. Since WebStalker records all the information on a web page while the web browser renders it, WebStalker gives us more information than any other similar tool. We can detect and block malicious web pages more easily even if the web page is obfuscated.

WebStalker consists of two key techniques. The first is to monitor events such as generating new objects, copying shellcode to memory, opening files and executing files. The second is to assign identifiers to objects or documents in a web page. We use the identifiers to build a logical structure of the web page. Through the structure, we can identify what objects the web page is composed of. And we can also trace back the logical structure to find out an object which has fired an event.

Our experiments demonstrate that WebStalker can effectively monitor web browser behaviour and detect malicious web pages.
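The two techniques in the WebStalker abstract (event monitoring plus object identifiers that form a traceable structure) can be sketched as follows. This is an added example, not code from the paper or from AhnLab: the class and function names, the event names and the choice of which events raise an alert are all assumptions, and the page data is constructed.

```python
from dataclasses import dataclass, field
from typing import Optional

# Event names mirror the abstract's list; the alerting subset is an assumption.
ALERT_EVENTS = {"shellcode_copy", "file_execute"}

@dataclass
class Node:
    obj_id: int
    kind: str                 # e.g. "document", "script", "iframe"
    parent: Optional[int]     # id of the object that created this one
    events: list = field(default_factory=list)

class PageTrace:
    """Hypothetical recorder for objects and events seen while a page renders."""
    def __init__(self):
        self.nodes = {}

    def new_object(self, kind, parent=None):
        if parent is not None and parent not in self.nodes:
            raise KeyError(f"unknown parent id {parent}")
        obj_id = len(self.nodes)          # identifiers assigned in creation order
        self.nodes[obj_id] = Node(obj_id, kind, parent)
        return obj_id

    def record(self, obj_id, event):
        self.nodes[obj_id].events.append(event)

    def chain(self, obj_id):
        """Walk parent links back to the root; root first, firing object last."""
        path = []
        while obj_id is not None:
            node = self.nodes[obj_id]
            path.append(f"{node.kind}#{node.obj_id}")
            obj_id = node.parent
        return path[::-1]

    def alerts(self):
        """Every alerting event together with the chain of objects behind it."""
        return [(ev, self.chain(n.obj_id))
                for n in self.nodes.values() for ev in n.events
                if ev in ALERT_EVENTS]

def constructed_page():
    """Constructed sample: a script creates an iframe whose script fires an event."""
    t = PageTrace()
    doc = t.new_object("document")
    benign = t.new_object("script", doc)
    t.record(benign, "file_open")         # recorded, but not in ALERT_EVENTS
    loader = t.new_object("script", doc)  # content may be obfuscated; only behaviour is used
    frame = t.new_object("iframe", loader)
    payload = t.new_object("script", frame)
    t.record(payload, "shellcode_copy")
    return t

if __name__ == "__main__":
    for event, path in constructed_page().alerts():
        print(event, "<-", " > ".join(path))
```

The alert is keyed on the recorded behaviour and the parent chain, so it is unaffected by how the script text was transformed before rendering.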
