BrowserGuard2: A solution for drive-by-download attacks

Abstract

Drive-by-download attacks create major threats on web infrastructure. These attacks happen when a user visits a malicious website which downloads and executes malware in user’s computer by exploiting the vulnerabilities in web browsers or web plug-ins. After such attacks, attacker can obtain complete access of the system. In this paper, we design and implement a solution for drive-by-download attacks called BrowserGuard2. Its behaviour is based run-time solution; hence it does not analyse webpage source code or script code. It does not take website ranking into consideration and does not maintain exploit code sample. BrowserGuard2 analyses download process of a file being downloaded and based on the results after analysing it successfully blocks malware execution. Based on experimental results it was observed that, BrowserGuard2 has zero false negatives and false positives for websites visited with low overhead.