Jan Gassen scite author profile

Jan Gassen

5Publications

60Citation Statements Received

19Citation Statements Given

How they've been cited

How they cite others

Affiliations

Fraunhofer Institute for Communication, Information Processing and Ergonomics

Publications

Order By: Most citations

PDF Scrutinizer: Detecting JavaScript-based attacks in PDF documents

Schmitt

Gassen

Gerhards-Padilla

2012

View full text Add to dashboard Cite

For a long time PDF documents have arrived in the everyday life of the average computer user, corporate businesses and critical structures, as authorities and military. Due to its wide spread in general, and because out-of-date versions of PDF readers are quite common, using PDF documents has become a popular malware distribution strategy. In this context, malicious documents have useful features: they are trustworthy, attacks can be camouflaged by inconspicuous document content, but still, they can often download and install malware undetected by firewall and anti-virus software. In this paper we present PDF Scrutinizer, a malicious PDF detection and analysis tool. We use static, as well as, dynamic techniques to detect malicious behavior in an emulated environment. We evaluate the quality and the performance of the tool with PDF documents from the wild, and show that PDF Scrutinizer reliably detects current malicious documents, while keeping a low false-positive rate and reasonable runtime performance.

show abstract

HoneyAgent: Detecting malicious Java applets by using dynamic analysis

Gassen

Chapman

2014

View full text Add to dashboard Cite

Malicious Java applets are widely used to deliver malicious software to remote systems. In this work, we present HoneyAgent which allows for the dynamic analysis of Java applets, bypassing common obfuscation techniques. This enables security researchers to quickly comprehend the functionality of an examined applet and to unveil malicious behavior. In order to trace the behavior of a sample as far as possible, HoneyAgent is further able to simulate various vulnerabilities allowing analysts for example to identify the malware that should finally be installed by the applet. In our evaluation, we show that HoneyAgent is able to reliably detect malicious applets used by common exploit kits with no false positives. By using a combination of heuristics as well as signatures applied to observed method invocations, HoneyAgent is further able to identify exploited common vulnerabilities and exposures in many cases.

show abstract

A honeypot for arbitrary malware on USB storage devices

Poeplau

Gassen

2012

View full text Add to dashboard Cite

Abstract-Malware is a serious threat for modern information technology. It is therefore vital to be able to detect and analyze such malicious software in order to develop contermeasures. Honeypots are a tool supporting that task-they collect malware samples for analysis. Unfortunately, existing honeypots concentrate on malware that spreads over networks, thus missing any malware that does not use a network for propagation.A popular network-independent technique for malware to spread is copying itself to USB flash drives. In this article we present Ghost, a new kind of honeypot for such USB malware. It detects malware by simulating a removable device in software, thereby tricking malware into copying itself to the virtual device. We explain the concept in detail and evaluate it using samples of wide-spread malware. We conclude that this new approach works reliably even for sophisticated malware, thus rendering the concept a promising new idea.

show abstract

Botnets, Cybercrime and National Security

Tiirmaa-Klaar¹,

Gassen

Gerhards-Padilla

et al. 2013

View full text Add to dashboard Cite

Botnets

Tiirmaa-Klaar¹,

Gassen²,

Gerhards-Padilla³

et al. 2013

View full text Add to dashboard Cite

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Jan Gassen

PDF Scrutinizer: Detecting JavaScript-based attacks in PDF documents

HoneyAgent: Detecting malicious Java applets by using dynamic analysis

A honeypot for arbitrary malware on USB storage devices

Botnets, Cybercrime and National Security

Botnets

Contact Info

Product

Resources

About