TROGUARD: Context-aware protection against web-based socially engineered trojans

Rui Han, Alejandro Mesa, Mihai Christodorescu, Saman Zonouz

Research output: Contribution to conference › Paper

Abstract

Despite the increasing number of social engineering attacks through web browser applications, detection of socially engineered trojan downloads by enticed victim users remains a challenging endeavor. In this paper, we present TROGUARD, a semi-automated web-based trojan detection solution that notifies the user if the application she downloaded behaves differently than what she expected at download time. TROGUARD builds on the hypothesis that in spite of millions of currently downloadable executables on the Internet, almost all of them provide functionalities from a limited set. Additionally, because each functionality, e.g., text editor, requires particular system resources, it exhibits a unique system-level activity pattern. During an offline process, TROGUARD creates a profile dictionary of various functionalities. This profile dictionary is then used to warn the user if she downloads an executable whose observed activity does not match its advertised functionality (extracted through automated analysis of the download website). Our experimental results prove the above-mentioned premise empirically and show that TROGUARD can identify real-world socially engineered trojan download attacks effectively.

Original language: English (US)
Pages: 66-75
Number of pages: 10
DOI: https://doi.org/10.1145/2664243.2664270
State: Published - Dec 8 2014
Event: 30th Annual Computer Security Applications Conference, ACSAC 2014 - New Orleans, United States
Duration: Dec 8 2014 - Dec 12 2014


Fingerprint

Glossaries
File editors
Web browsers
Websites
Internet

All Science Journal Classification (ASJC) codes

  • Software
  • Human-Computer Interaction
  • Computer Vision and Pattern Recognition
  • Computer Networks and Communications

Cite this

Han, R., Mesa, A., Christodorescu, M., & Zonouz, S. (2014). TROGUARD: Context-aware protection against web-based socially engineered trojans. 66-75. Paper presented at 30th Annual Computer Security Applications Conference, ACSAC 2014, New Orleans, United States. https://doi.org/10.1145/2664243.2664270