基于行为序列的浏览器扩展漏洞检测

发布时间：2018-03-05 09:42

本文选题：浏览器扩展　切入点：行为序列　出处：《天津大学》2014年硕士论文　论文类型：学位论文

【摘要】：自从2008年以来，浏览器扩展的安全问题开始得到人们的关注。随着浏览器发挥的作用越来越重要，该问题逐渐变成个研究热点。但是目前尚没有保护用户免受针对浏览器扩展攻击的方法或工具。研究发现造成浏览器扩展安全问题的主要原因是浏览器扩展机制的设计不合理。基于对Firefox浏览器扩展机制的研究分析，本文提出了种基于行为序列分析的浏览器扩展漏洞检测方法。该方法首先分析了Firefox浏览器为扩展提供的接口，并将接口调用抽象成为浏览器扩展的行为，同时按照每类行为可能给用户带来的安全风险将其划分为四个安全等级。然后将扩展的行为按照发生时间顺序连成行为序列，并建模成基于神经网络的图模型，再对建模成的大规模图模型进行约简。接下来，借助于个攻击特征行为序列知识库的支持，，将检测恶意浏览器扩展以及浏览器扩展漏洞的问题转化为个子图匹配的问题。最后，根据本文提出的方法，实现了套自动化检测的工具，并对从Mozilla上下载的140个浏览器扩展进行了自动测试。测试包括对4种漏洞和对7种不安全实践的检测。实验结果表明查准率在87.7%。本文自动测试了Mozilla上的所有类别的浏览器扩展的行为。测试知识库收集总结了浏览器扩展漏洞和不安全实践。对浏览器扩展存在的安全问题及浏览器扩展机制的设计缺陷进行了调查研究。实验表明浏览器扩展中存在较为严重的安全问题。
[Abstract]:Since 2008, the issue of browser extension security has come to the fore. As browsers play an increasingly important role, However, there are no methods or tools to protect users from browser extension attacks. It is found that the main cause of browser extension security problem is the unreasonable design of browser extension mechanism. Based on the research and analysis of Firefox browser extension mechanism, this paper proposes a browser extension vulnerability detection method based on behavior sequence analysis. Firstly, the interface provided by Firefox browser for extension is analyzed. The interface call is abstracted as the behavior of browser extension, and it is divided into four security levels according to the security risk that each kind of behavior may bring to the user. The model is modeled as a graph model based on neural network, and then the large-scale graph model is reduced. Then, with the support of a knowledge base of attack characteristic behavior sequence, The problem of detecting malicious browser extension and browser extension vulnerabilities is transformed into a sub-graph matching problem. Finally, according to the method proposed in this paper, a set of automatic detection tool is implemented. The test includes four vulnerabilities and seven kinds of unsafe practices. The experimental results show that the precision rate is 87.7%. This paper automatically tests the behavior of all classes of browser extensions on Mozilla. The collection of test knowledge bases summarizes browser extension vulnerabilities and unsafe practices. Security problems and browser extension mechanisms for browser extensions. The experimental results show that there are serious security problems in browser extension.
【学位授予单位】：天津大学
【学位级别】：硕士
【学位授予年份】：2014
【分类号】：TP393.092

【参考文献】