語系:
繁體中文
English
說明(常見問題)
回圖書館首頁
手機版館藏查詢
登入
回首頁
切換:
標籤
|
MARC模式
|
ISBD
Defending against browser based data...
~
Sood, Aditya.
FindBook
Google Book
Amazon
博客來
Defending against browser based data exfiltration attacks.
紀錄類型:
書目-語言資料,印刷品 : Monograph/item
正題名/作者:
Defending against browser based data exfiltration attacks./
作者:
Sood, Aditya.
面頁冊數:
156 p.
附註:
Source: Dissertation Abstracts International, Volume: 74-12(E), Section: B.
Contained By:
Dissertation Abstracts International74-12B(E).
標題:
Computer Science. -
電子資源:
http://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=3591775
ISBN:
9781303324918
Defending against browser based data exfiltration attacks.
Sood, Aditya.
Defending against browser based data exfiltration attacks.
- 156 p.
Source: Dissertation Abstracts International, Volume: 74-12(E), Section: B.
Thesis (Ph.D.)--Michigan State University, 2013.
The global nature of Internet has revolutionized cultural and commercial interactions while at the same time it has provided opportunities for cyber criminals. Crimeware services now exist that have transformed the nature of cyber crime by making it more automated and robust. Furthermore, these crimeware services are sold as a part of a growing underground economy. This underground economy has provided a financial incentive to create and market more sophisticated crimeware.
ISBN: 9781303324918Subjects--Topical Terms:
626642
Computer Science.
Defending against browser based data exfiltration attacks.
LDR
:03663nam a2200337 4500
001
1958530
005
20140421080409.5
008
150210s2013 ||||||||||||||||| ||eng d
020
$a
9781303324918
035
$a
(MiAaPQ)AAI3591775
035
$a
AAI3591775
040
$a
MiAaPQ
$c
MiAaPQ
100
1
$a
Sood, Aditya.
$3
2093646
245
1 0
$a
Defending against browser based data exfiltration attacks.
300
$a
156 p.
500
$a
Source: Dissertation Abstracts International, Volume: 74-12(E), Section: B.
500
$a
Adviser: Richard J. Enbody.
502
$a
Thesis (Ph.D.)--Michigan State University, 2013.
520
$a
The global nature of Internet has revolutionized cultural and commercial interactions while at the same time it has provided opportunities for cyber criminals. Crimeware services now exist that have transformed the nature of cyber crime by making it more automated and robust. Furthermore, these crimeware services are sold as a part of a growing underground economy. This underground economy has provided a financial incentive to create and market more sophisticated crimeware.
520
$a
Botnets have evolved to become the primary, automated crimeware. The current, third generation of botnets targets online financial institutions across the globe. Willie Sutton, the bank robber, when asked why he robbed banks is credited with replying: "That is where the money is." Today, financial institutions are online so "that is where the money is" and criminals are swarming. Because the browser is most people's window to the Internet, it has become the primary target of crimeware, bots in particular. A common task is to steal credentials for financial institutions such as accounts and passwords.
520
$a
Our goal is to prevent browser-based data exfiltration attacks. Currently bots use a variant of the Man-in-the-Middle attack known as the Man-in-the-Browser attack for data exfiltration. The two most widely deployed browser-based data exfiltration attacks are Form-grabbing and Web Injects. Form-grabbing is used to steal data such as credentials in web forms while the Web Injects attack is used to coerce the user to provide supplemental information such as a Social Security Number (SSN). Current security techniques emphasize detection of malware. We take the opposite approach and assume that clients are infected with malware and then work to thwart their attack.
520
$a
This thesis makes the following contributions: · We introduce WPSeal, a method that a financial institution can use to discover that a Web-inject attack is happening so an account can be shut down before any damage occurs. This technique is done entirely on the server side (such as the financial institution's side). · We developed a technique to encrypt form data, rendering it useless for theft. This technique is controlled from the server side (such as the financial institution's side). Using WPSeal, we can detect if the encryption scheme has been tampered with. · We present an argument that current hooking-based capabilities of bots cannot circumvent WPSeal (as well as the encryption that WPSeal protects). That is, criminals will have to come up with a totally different class of attack.
520
$a
In both cases, we do not prevent the attack. Instead, we detect the attack before damage can be done, rendering the attack harmless.
590
$a
School code: 0128.
650
4
$a
Computer Science.
$3
626642
650
4
$a
Information Technology.
$3
1030799
650
4
$a
Information Science.
$3
1017528
690
$a
0984
690
$a
0489
690
$a
0723
710
2
$a
Michigan State University.
$b
Computer Science.
$3
1680297
773
0
$t
Dissertation Abstracts International
$g
74-12B(E).
790
$a
0128
791
$a
Ph.D.
792
$a
2013
793
$a
English
856
4 0
$u
http://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=3591775
筆 0 讀者評論
館藏地:
全部
電子資源
出版年:
卷號:
館藏
1 筆 • 頁數 1 •
1
條碼號
典藏地名稱
館藏流通類別
資料類型
索書號
使用類型
借閱狀態
預約狀態
備註欄
附件
W9253358
電子資源
11.線上閱覽_V
電子書
EB
一般使用(Normal)
在架
0
1 筆 • 頁數 1 •
1
多媒體
評論
新增評論
分享你的心得
Export
取書館
處理中
...
變更密碼
登入