Open Access
Subscription Access
Malware Detection in Web Browser Plugins Using API Calls with Permissions
With the exponential growth of internet users, web browsers play an essential role in gathering knowledge, social networking etc. Browser plugin/add-on is a unique feature of modern browsers that allows for adding new gimmicks to the browser functionality. Although this tool is handy, it poses a significant risk as it can collect and store users browsing history, passwords and more. Hence, attackers can try injecting malicious browser add-ons that can utilize security loopholes wherein the attacker may access user-critical data on the host device. The Smart Extension Malware Detector (SEMD), a reliable browser malware detection system that relies on extension development API calls and privileges using outfit machine learning approaches, was suggested and created by us. The research outcomes demonstrate that the SEMD model outperformed peer models while lowering the difficulty of the detection procedure.
Keywords
Malware Detection, Browser Add-Ons, Machine Learning.
User
Font Size
Information
- M. Weissbacher, E. Mariconti, G. Suarez-Tangil, G. Stringh- ini, W. Robertson, and E. Kirda. Ex-ray: detection of history- leaking browser extensions. In Dec. 2017.
- Y. Wang, W. Cai, P. Lyu, and W. Shao. A combined static and dynamic analysis approach to detect malicious browser extensions. Security and Communication Networks, 2018, May 2018.
- R. Islam, M. S. Hossen, and D. Shin. A mapping study on privacy attacks in big data and iot. In 2022 13th International Conference on Information and Communication Technology Convergence (ICTC), 2022.
- S. Talukder and Z. Talukder. A survey on malware detection and analysis tools. International Journal of Network Security Its Applications, 12, Mar. 2020.
- A. Dhammi and M. P. Singh. Behavior analysis of malware using machine learning. 2015 Eighth International Conference on Contemporary Computing (IC3), 2015.
- A. Damodaran, F. Di Troia, C. A. Visaggio, T. Austin, and M. Stamp. A comparison of static, dynamic, and hybrid analysis for malware detection. Journal of Computer Virology and Hacking Techniques, 13, Feb. 2017.
- F. Cohen. A formal definition of computer worms and some related results. Computers Security, 11(7), 1992.
- 12 Types of Malware + Examples That You Should Know — crowdstrike.com. https://www.crowdstrike.com/cybersecurity-101/malware/types-of-malware/. [Accessed 24-Aug2022].
- Z. Zhenfang. Study on computer trojan horse virus and its prevention. International Journal of Engineering and Applied Sciences, 2(8), Aug. 2015.
- T. Stafford and A. Urbaczewski. Spyware: the ghost in the machine. In volume 14, Jan. 2004.
- P. Tuli and P. Sahu. System monitoring and security using keylogger. In 2013.
- J. Gao, L. Li, P. Kong, T. Bissyande ́, and J. Klein. Should you consider adware as malware in your study? In Feb. 2019.
- P. Okane, S. Sezer, and D. Carlin. Evolution of ransomware. IET Networks, 7, May 2018.
- A. Afreen, M. Aslam, and S. Ahmed. Analysis of fileless malware and its evasive behavior. In Oct. 2020.
- B. Sanjay, D. Rakshith, R. Akash, and V. V. Hegde. An approach to detect fileless malware and defend its evasive mechanisms. In 2018 3rd International Conference on Computational Systems and Information Technology for Sustain- able Solutions (CSITSS). IEEE, 2018.
- S. S. Silva, R. M. Silva, R. C. Pinto, and R. M. Salles. Botnets: a survey. Computer Networks, 57(2), 2013.
- L. Liu, X. Zhang, G. Yan, and S. Chen. Chrome extensions: threat analysis and countermeasures. In NDSS, 2012.
- H. Shahriar, K. Weldemariam, M. Zulkernine, and T. Lutel- lier. Effective detection of vulnerable and malicious browser extensions. Computers Security, 47, Nov. 2014.
- N. Pantelaios, N. Nikiforakis, and A. Kapravelos. You’ve changed: detecting malicious browser extensions through their update deltas. In Oct. 2020.
- A. Barth, A. Felt, P. Saxena, and A. Boodman. Protecting browsers from extension vulnerabilities. In Jan. 2010.
- Q. E. A. Ratul, N. Chowdhury, H. Soliman, M. S. Chaity, andA. Haque. Android malware detection in large dataset: smart approach. In Feb. 2020.
- A. Kapravelos, C. Grier, N. Chachra, C. Kruegel, G. Vigna, and V. Paxson. Hulk: eliciting malicious behavior in browser extensions. In 23rd USENIX Security Symposium (USENIX Security 14), San Diego, CA. USENIX Association, Aug. 2014.
- M. N.-U.-R. Chowdhury, Q. E. Alahy, and H. Soliman. Advanced android malware detection utilizing api calls and permissions. In H. Kim and K. J. Kim, editors, IT Conver- gence and Security, Singapore. Springer Singapore, 2021.
- Q. E. A. Ratul, N. Chowdhury, H. Soliman, M. S. Chaity, and A. Haque. Android malware detection in large dataset: smart approach. In Feb. 2020.
- L. Breiman. Random forests. Machine learning, 45(1), 2001.
- I. Jenhani, N. B. Amor, and Z. Elouedi. Decision trees as possibilistic classifiers. International Journal of Approximate Reasoning, 48(3), 2008. Special Section on Choquet Integra- tion in honor of Gustave Choquet (1915–2006) and Special Section on Nonmonotonic and Uncertain Reasoning.
- M. Bala, V. Athira, and A. Rajendran. Efficient multi-level lung cancer prediction model using support vector machine classifier. IOP Conference Series: Materials Science and Engineering, 1012, Jan. 2021.
- P. Tsangaratos and I. Ilia. Comparison of a logistic regression and naive bayes classifier in landslide susceptibility assessments: the influence of model’s complexity and training dataset size. Catena, 145, 2016.
- Declare permissions - Chrome Developers — developer.chrome.com. https : / / developer . chrome . com / docs / extensions / mv3 / declare permissions/. [Accessed 24-Aug- 2022].
- Permissions requested by apps and extensions - Chrome Web Store Help — support.google.com. https : / / support . google . com/chrome webstore/answer/186213?hl=en#zippy=% 2Chigh-alert%2Cmedium-alert. [Accessed 24-Aug-2022].
Abstract Views: 84
PDF Views: 0