Title: A Novel Approach to Detecting and Mitigating Keyloggers
As the digital world gets increasingly ingrained in our daily lives, cyberattacks—especially those involving malware—are growing more complex and common, which calls for developing innovative safeguards. Keylogger spyware, which combines keylogging and spyware functionalities, is one of the most insidious types of cyberattacks. This malicious software stealthily monitors and records user keystrokes, amassing sensitive data, such as passwords and confidential personal information, which can then be exploited. This research introduces a novel browser extension designed to effectively thwart keylogger spyware attacks. The extension is underpinned by a cutting-edge algorithm that meticulously analyzes input-related processes, promptly identifying and flagging any malicious activities. Upon detection, the extension empowers users with the immediate choice to terminate the suspicious process or validate its authenticity, thereby placing crucial real-time control in the hands of the end user. The methodology used guarantees the extension's mobility and adaptability across various platforms and devices. This paper extensively details the development of the browser extension, from its first conceptual design to its rigorous performance evaluation. The results show that the extension considerably strengthens end-user protection against cyber risks, resulting in a safer web browsing experience. The research substantiates the extension's efficacy and significant potential in reinforcing online security standards, demonstrating its ability to make web surfing safer through extensive analysis and testing.
Award ID(s):
2321939
PAR ID:
10498360
Publisher / Repository:
Proceedings of the IEEE SoutheastCon
Journal Name:
Proceedings of the IEEE SoutheastCon
Page Range / eLocation ID:
1071-1078
Format(s):
Medium: X
Location:
Atlanta, GA
Sponsoring Org:
National Science Foundation
More Like this
  1. Latifi, S. (Ed.)
    As the popularity of the internet continues to grow, along with the use of web browsers and browser extensions, the threat of malicious browser extensions has increased and therefore demands an effective way to detect and in turn prevent the installation of these malicious extensions. These extensions compromise private user information (including usernames and passwords) and are also able to compromise the user’s computer in the form of Trojans and other malicious software. This paper presents a method which combines machine learning and feature engineering to detect malicious browser extensions. By analyzing the static code of browser extensions and looking for features in the static code, the method predicts whether a browser extension is malicious or benign with a machine learning algorithm. Four machine learning algorithms (SVM, RF, KNN, and XGBoost) were tested with a dataset collected by ourselves in this study. Their detection performance in terms of different performance metrics is discussed.
  2. Personalized IoT systems adapt their behavior based on contextual information, such as user behavior and location. Unfortunately, the fact that personalized IoT systems adapt to user context opens a side-channel that leaks private information about the user. To that end, we start by studying the extent to which a malicious eavesdropper can monitor the actions taken by an IoT system and extract the user’s private information. In particular, we show two concrete instantiations (in the context of mobile phones and smart homes) of a new category of spyware which we refer to as Context-Aware Adaptation Based Spyware (SpyCon). Experimental evaluations show that the developed SpyCon can predict users’ daily behavior with an accuracy of 90.3%. Being a new spyware with no known prior signature or behavior, traditional spyware detection that is based on code signature or system behavior is not adequate to detect SpyCon. We discuss possible detection and mitigation mechanisms that can hinder the effect of SpyCon.
  3. Header bidding (HB) is a relatively new online advertising technology that allows a content publisher to conduct a client-side (i.e., from within the end-user’s browser), real-time auction for selling ad slots on a web page. We developed a new browser extension for Chrome and Firefox to observe this in-browser auction process from the user’s perspective. We use real end-user measurements from 393,400 HB auctions to (a) quantify the ad revenue from HB auctions, (b) estimate latency overheads when integrating with ad exchanges and discuss their implications for ad revenue, and (c) break down the time spent in soliciting bids from ad exchanges into various factors and highlight areas for improvement. For the users in our study, we find that HB increases ad revenue for web sites by 28% compared to that in real-time bidding as reported in a prior work. We also find that the latency overheads in HB can be easily reduced or eliminated and outline a few solutions, and pitch the HB platform as an opportunity for privacy-preserving advertising. 
  4. Browser extensions enhance the web experience and have seen great adoption from users in the past decade. At the same time, past research has shown that online trackers can use various techniques to infer the presence of installed extensions and abuse them to track users as well as uncover sensitive information about them. In this work we present a novel extension-fingerprinting vector showing how style modifications from browser extensions can be abused to identify installed extensions. We propose a pipeline that analyzes extensions both statically and dynamically and pinpoints their injected style sheets. Based on these, we craft a set of triggers that uniquely identify browser extensions from the context of the visited page. We analyzed 116K extensions from Chrome's Web Store and report that 6,645 of them inject style sheets on any website that users visit. Our pipeline has created triggers that uniquely identify 4,446 of these extensions, 1,074 (24%) of which could not be fingerprinted with previous techniques. Given the power of this new extension-fingerprinting vector, we propose specific countermeasures against style fingerprinting that have minimal impact on the overall user experience.
  5. In recent years, there has been a notable increase in the prevalence of malicious websites, leading to a majority of cyber-attacks and data breaches. Malicious websites often incorporate JavaScript code to execute attacks on web browsers. Despite existing methodologies documented in the literature, the analysis and detection of malicious JavaScript pose significant challenges due to the dynamic nature of JavaScript and the use of advanced evasion techniques. These challenges motivate the need for an innovative and efficient approach to comprehensively analyze the code to identify its malicious intent. In this paper, we introduce a monitoring approach for analyzing JavaScript code, which can capture all of the code’s features at runtime. Our method leverages the security reference monitor technique to mediate JavaScript security-sensitive executions, including function calls and property accesses. Therefore, the proposed method can capture behaviors at runtime regardless of how the code is written, even with recent advanced evasion techniques like WebAssembly diversification. We have implemented our approach as a JavaScript dynamic analysis framework called JSMBox in a Chromium-based browser extension. Our experiments demonstrated that JSMBox is capable of effectively countering sophisticated evasion techniques found in modern malicious JavaScript code, including WebAssembly diversification. We have also evaluated the framework’s ability to classify malicious behaviors based on a large-scale raw dataset comprising about 20,000 malicious and benign webpages. Our developed tool automatically launches the browser to execute these webpages, records JavaScript code execution events, and captures their execution frequency as extracted features. We have tested the extracted dataset with various machine-learning models, yielding promising experimental results that confirm the effectiveness of our approach and achieve a high accuracy rate. 