JavaScript Template Attacks: Automatically Inferring Host Information for Targeted Exploits

Schwarz, Michael; Lackner, Florian; Gruss, Daniel

doi:10.14722/ndss.2019.23155

Cited by 41 publications

(30 citation statements)

References 36 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Sanchez-Rola et al [50] showed a method relying on computer internal clock imperfections to fingerprint unique machines. Schwarz et al [51] presented JavaScript template attacks to create fingerprints and retrieved the instruction-set architecture and the used memory allocator.…”

Section: Hardware-based Side-channel Attacksmentioning

confidence: 99%

SoK: In Search of Lost Time: A Review of JavaScript Timers in Browsers

Rokicki

Maurice

Laperdrix

2021

2021 IEEE European Symposium on Security and Privacy (EuroS&P)

View full text Add to dashboard Cite

Section: Hardware-based Side-channel Attacksmentioning

confidence: 99%

SoK: In Search of Lost Time: A Review of JavaScript Timers in Browsers

Rokicki

Maurice

Laperdrix

2021

2021 IEEE European Symposium on Security and Privacy (EuroS&P)

View full text Add to dashboard Cite

“…In addition to /proc file system data, and unprivileged API calls, side-channels may be formed by the methods exposed to unprivileged browser JavaScript. In [17], the authors perform a statistical analysis on these browser properties and demonstrate the detection of the; underlying operating system, CPU architecture, privacy-enhancing browser extensions, and exact browser version.…”

Section: Related Workmentioning

confidence: 99%

A Machine Learning Based Monitoring Framework for Side-Channel Information Leaks

Lescisin

Mahmoud

2021

IEEE Open J. Comput. Soc.

View full text Add to dashboard Cite

Computer and network security is an ever important field of study as information processed by these systems is of ever increasing value. The state of research on direct attacks, such as exploiting memory safety or shell input errors is well established and a rich set of testing tools are available for these types of attacks. Machine-learning based intrusion detection systems are also available and are commonly deployed in production environments. What is missing, however, is the consideration of implicit information flows, or side-channels. Research has revealed side-channels formed by everything from CPU acoustic noise, to encrypted network traffic patterns, to computer monitor ambient light. Furthermore, no portable method exists for distributing side-channel test cases. This paper introduces a framework for adversary modeling and feedback generation on what the adversary may learn from the various side-channel information sources. The framework operates by monitoring two data streams; the first being the stream of side-channel cues, and the second being the stream of private system activity. These streams are used for training and evaluating a machine learning classifier to determine its performance of private system activity prediction. A prototype has been built to evaluate side-channel effects on four popular scenarios.

show abstract

“…Rule-based web bot detection techniques that use browser fingerprints include font detection, plugin enumeration, WebGL fingerprinting, examination of unique to browser automation software strings in JavaScript variables, and more [5,23,31]. Furthermore, more advanced fingerprinting techniques have been proposed that can extract low level properties, such as the instruction-set architecture, and the used memory allocator [31]. However, research has shown that current commercial tools that detect web bots based on their fingerprint present several flaws [5].…”

Section: Background and Related Workmentioning

confidence: 99%

“…Such web bots can crawl web servers in a humanlike manner to collect information making them harder to detect. Additionally, we can assume that the malicious web bots exhibit a fingerprint that is indistinguishable from that of a browser as in the opposite case, such bots could be deterministically detected using advanced fingerprinting techniques [5,22,23,31]. This is a logical assumption, as the respective Indicators of Compromise have a low pain threshold (i.e., they require low effort to be changed) [8].…”

Section: Threat Modelmentioning

confidence: 99%

Detection of Advanced Web Bots by Combining Web Logs with Mouse Behavioural Biometrics

et al. 2021

View full text Add to dashboard Cite

Web bots vary in sophistication based on their purpose, ranging from simple automated scripts to advanced web bots that have a browser fingerprint, support the main browser functionalities, and exhibit a humanlike behaviour. Advanced web bots are especially appealing to malicious web bot creators, due to their browser-like fingerprint and humanlike behaviour which reduce their detectability. This work proposes a web bot detection framework that comprises two detection modules: (i) a detection module that utilises web logs, and (ii) a detection module that leverages mouse movements. The framework combines the results of each module in a novel way to capture the different temporal characteristics of the web logs and the mouse movements, as well as the spatial characteristics of the mouse movements. We assess its effectiveness on web bots of two levels of evasiveness, (a) moderate web bots that have a browser fingerprint and (b) advanced web bots that have a browser fingerprint and also exhibit a humanlike behaviour. We show that combining web logs with visitors? mouse movements is more effective and robust towards detecting advanced web bots that try to evade detection, as opposed to using only one of those approaches.

show abstract

JavaScript Template Attacks: Automatically Inferring Host Information for Targeted Exploits

Cited by 41 publications

References 36 publications

SoK: In Search of Lost Time: A Review of JavaScript Timers in Browsers

SoK: In Search of Lost Time: A Review of JavaScript Timers in Browsers

A Machine Learning Based Monitoring Framework for Side-Channel Information Leaks

Detection of Advanced Web Bots by Combining Web Logs with Mouse Behavioural Biometrics

Contact Info

Product

Resources

About