No Signal Left to Chance

From ISLAB/CAISR
Revision as of 09:24, 20 September 2022 by Cclab (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Title No Signal Left to Chance
Summary Identify download patterns as a useful signal for analyzing browser extensions.
Keywords Web Security; Browser Extensions; Malware; Time Series
TimeFrame
References
Prerequisites Python; JavaScript; ML
Author
Supervisor Pablo Picazo
Level Master
Status Draft


Browser extensions are popular small applications that allow users to enrich their browsing experience. Yet browser extensions pose security concerns because they can leak user data and maliciously act on behalf of the user. Because malicious behavior can manifest dynamically, detecting malicious extensions remains a challenge for the research community, browser vendors, and web application developers. In our previous paper, we identify download patterns as a useful signal for analyzing browser extensions. We leverage machine learning for clustering extensions based on their download patterns, confirming at a large scale that many extensions follow strikingly similar download patterns. Our key insight is that the download pattern signal can be used for identifying malicious extensions. To this end, we present a novel technique to detect malicious extensions based on the public number of downloads in the Chrome Web Store. This technique fruitfully combines machine learning with security analysis, showing that the download patterns signal can be used to both directly spot malicious extensions and as input to subsequent analysis of suspicious extensions. We demonstrate the benefits of our approach on a dataset from a daily crawl of the Web Store over 6 months to track the number of downloads. We find 135 clusters and identify 61 of them to have at least 80% malicious extensions. We train our classifier and run it on a test set of 1,212 currently active extensions in the Web Store successfully detecting 326 extensions as malicious solely based on downloads.

In this project, students will extend and evaluate the feasibility of our previous analysis to Firefox add-ons. Students will also analyze the main differences between Chrome extensions and Firefox ones.