Phani Vadrevu scite author profile

Phani Vadrevu

5Publications

19Citation Statements Received

62Citation Statements Given

How they've been cited

How they cite others

Affiliations

University of New Orleans, University of Georgia

Publications

Order By: Most citations

JSgraph: Enabling Reconstruction of Web Attacks via Efficient Tracking of Live In-Browser JavaScript Executions

Vadrevu

Lee

et al. 2018

View full text Add to dashboard Cite

In this paper, we propose JSgraph, a forensic engine that is able to efficiently record fine-grained details pertaining to the execution of JavaScript (JS) programs within the browser, with particular focus on JS-driven DOM modifications. JSgraph's main goal is to enable a detailed, post-mortem reconstruction of ephemeral JS-based web attacks experienced by real network users. In particular, we aim to enable the reconstruction of social engineering attacks that result in the download of malicious executable files or browser extensions, among other attacks.We implement JSgraph by instrumenting Chromium's code base at the interface between Blink and V8, the rendering and JavaScript engines. We design JSgraph to be lightweight, highly portable, and to require low storage capacity for its fine-grained audit logs. Using a variety of both in-the-wild and lab-reproduced web attacks, we demonstrate how JSgraph can aid the forensic investigation process. We then show that JSgraph introduces acceptable overhead, with a median overhead on popular website page loads between 3.2% and 3.9%.

show abstract

Enabling Reconstruction of Attacks on Users via Efficient Browsing Snapshots

Vadrevu

Liu

et al. 2017

View full text Add to dashboard Cite

In this paper, we present ChromePic, a web browser equipped with a novel forensic engine that aims to greatly enhance the browser's logging capabilities. ChromePic's main goal is to enable a fine-grained post-mortem reconstruction and trace-back of web attacks without incurring the high overhead of record-andreplay systems. In particular, we aim to enable the reconstruction of attacks that target users and have a significant visual component, such as social engineering and phishing attacks. To this end, ChromePic records a detailed snapshot of the state of a web page, including a screenshot of how the page is rendered and a "deep" DOM snapshot, at every significant interaction between the user and the page. If an attack is later suspected, these finegrained logs can be used to reconstruct the attack and trace back the sequence of steps the user followed to reach the attack page. We develop ChromePic by implementing several careful modifications and optimizations to the Chromium code base, to minimize overhead and make always-on logging practical. We then demonstrate that ChromePic can successfully capture and aid the reconstruction of attacks on users. Our evaluation includes the analysis of an in-the-wild social engineering download attack on Android, a phishing attack, and two different clickjacking attacks, as well as a user study aimed at accurately measuring the overhead introduced by our forensic engine. The experimental results show that browsing snapshots can be logged very efficiently, making the logging events practically unnoticeable to users. Permission to freely reproduce all or part of this paper for noncommercial purposes is granted provided that copies bear this notice and the full citation on the first page. Reproduction for commercial purposes is strictly prohibited without the prior written consent of the Internet Society, the first-named author (for reproduction of an entire paper only), and the author's employer if the paper was prepared within the scope of employment.

show abstract

When Push Comes to Ads

Subramani¹,

Yuan²,

Setayeshfar³

et al. 2020

View full text Add to dashboard Cite

A Human in Every APE: Delineating and Evaluating the Human Analysis Systems of Anti-Phishing Entities

Acharya

Vadrevu

2022

View full text Add to dashboard Cite

Session details: Session 5: Mobile Security

Vadrevu

2020

View full text Add to dashboard Cite

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Phani Vadrevu

JSgraph: Enabling Reconstruction of Web Attacks via Efficient Tracking of Live In-Browser JavaScript Executions

Enabling Reconstruction of Attacks on Users via Efficient Browsing Snapshots

When Push Comes to Ads

A Human in Every APE: Delineating and Evaluating the Human Analysis Systems of Anti-Phishing Entities

Session details: Session 5: Mobile Security

Contact Info

Product

Resources

About