Behavior decomposition: Aspect-level browser extension clustering and its security implications

Bin Zhao, Peng Liu

Research output: Chapter in Book/Report/Conference proceedingConference contribution

2 Citations (Scopus)

Abstract

Browser extensions are widely used by millions of users. However, large amount of extensions can be downloaded from webstores without sufficient trust or safety scrutiny, which keeps users from differentiating benign extensions from malicious ones. In this paper, we propose an aspect-level behavior clustering approach to enhancing the safety management of extensions. We decompose an extension's runtime behavior into several pieces, denoted as AEBs (Aspects of Extension Behavior). Similar AEBs of different extensions are grouped into an "AEB cluster" based on subgraph isomorphism. We then build profiles of AEB clusters for both extensions and categories (of extensions) to detect suspicious extensions. To the best of our knowledge, this is the first study to do aspect-level extension clustering based on runtime behaviors. We evaluate our approach with more than 1,000 extensions and demonstrate that it can effectively and efficiently detect suspicious extensions.

Original languageEnglish (US)
Title of host publicationResearch in Attacks, Intrusions, and Defenses - 16th International Symposium, RAID 2013, Proceedings
Pages244-264
Number of pages21
DOIs
StatePublished - Dec 2 2013
Event16th International Symposium on Research in Attacks, Intrusions, and Defenses, RAID 2013 - Rodney Bay, Saint Lucia
Duration: Oct 23 2013Oct 25 2013

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume8145 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Other

Other16th International Symposium on Research in Attacks, Intrusions, and Defenses, RAID 2013
CountrySaint Lucia
CityRodney Bay
Period10/23/1310/25/13

Fingerprint

Clustering
Decomposition
Decompose
Safety
Subgraph
Isomorphism
Sufficient

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • Computer Science(all)

Cite this

Zhao, B., & Liu, P. (2013). Behavior decomposition: Aspect-level browser extension clustering and its security implications. In Research in Attacks, Intrusions, and Defenses - 16th International Symposium, RAID 2013, Proceedings (pp. 244-264). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 8145 LNCS). https://doi.org/10.1007/978-3-642-41284-4_13
Zhao, Bin ; Liu, Peng. / Behavior decomposition : Aspect-level browser extension clustering and its security implications. Research in Attacks, Intrusions, and Defenses - 16th International Symposium, RAID 2013, Proceedings. 2013. pp. 244-264 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).
@inproceedings{5cd8a09ca985480ead81f1643cdd86fa,
title = "Behavior decomposition: Aspect-level browser extension clustering and its security implications",
abstract = "Browser extensions are widely used by millions of users. However, large amount of extensions can be downloaded from webstores without sufficient trust or safety scrutiny, which keeps users from differentiating benign extensions from malicious ones. In this paper, we propose an aspect-level behavior clustering approach to enhancing the safety management of extensions. We decompose an extension's runtime behavior into several pieces, denoted as AEBs (Aspects of Extension Behavior). Similar AEBs of different extensions are grouped into an {"}AEB cluster{"} based on subgraph isomorphism. We then build profiles of AEB clusters for both extensions and categories (of extensions) to detect suspicious extensions. To the best of our knowledge, this is the first study to do aspect-level extension clustering based on runtime behaviors. We evaluate our approach with more than 1,000 extensions and demonstrate that it can effectively and efficiently detect suspicious extensions.",
author = "Bin Zhao and Peng Liu",
year = "2013",
month = "12",
day = "2",
doi = "10.1007/978-3-642-41284-4_13",
language = "English (US)",
isbn = "9783642412837",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
pages = "244--264",
booktitle = "Research in Attacks, Intrusions, and Defenses - 16th International Symposium, RAID 2013, Proceedings",

}

Zhao, B & Liu, P 2013, Behavior decomposition: Aspect-level browser extension clustering and its security implications. in Research in Attacks, Intrusions, and Defenses - 16th International Symposium, RAID 2013, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 8145 LNCS, pp. 244-264, 16th International Symposium on Research in Attacks, Intrusions, and Defenses, RAID 2013, Rodney Bay, Saint Lucia, 10/23/13. https://doi.org/10.1007/978-3-642-41284-4_13

Behavior decomposition : Aspect-level browser extension clustering and its security implications. / Zhao, Bin; Liu, Peng.

Research in Attacks, Intrusions, and Defenses - 16th International Symposium, RAID 2013, Proceedings. 2013. p. 244-264 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 8145 LNCS).

Research output: Chapter in Book/Report/Conference proceedingConference contribution

TY - GEN

T1 - Behavior decomposition

T2 - Aspect-level browser extension clustering and its security implications

AU - Zhao, Bin

AU - Liu, Peng

PY - 2013/12/2

Y1 - 2013/12/2

N2 - Browser extensions are widely used by millions of users. However, large amount of extensions can be downloaded from webstores without sufficient trust or safety scrutiny, which keeps users from differentiating benign extensions from malicious ones. In this paper, we propose an aspect-level behavior clustering approach to enhancing the safety management of extensions. We decompose an extension's runtime behavior into several pieces, denoted as AEBs (Aspects of Extension Behavior). Similar AEBs of different extensions are grouped into an "AEB cluster" based on subgraph isomorphism. We then build profiles of AEB clusters for both extensions and categories (of extensions) to detect suspicious extensions. To the best of our knowledge, this is the first study to do aspect-level extension clustering based on runtime behaviors. We evaluate our approach with more than 1,000 extensions and demonstrate that it can effectively and efficiently detect suspicious extensions.

AB - Browser extensions are widely used by millions of users. However, large amount of extensions can be downloaded from webstores without sufficient trust or safety scrutiny, which keeps users from differentiating benign extensions from malicious ones. In this paper, we propose an aspect-level behavior clustering approach to enhancing the safety management of extensions. We decompose an extension's runtime behavior into several pieces, denoted as AEBs (Aspects of Extension Behavior). Similar AEBs of different extensions are grouped into an "AEB cluster" based on subgraph isomorphism. We then build profiles of AEB clusters for both extensions and categories (of extensions) to detect suspicious extensions. To the best of our knowledge, this is the first study to do aspect-level extension clustering based on runtime behaviors. We evaluate our approach with more than 1,000 extensions and demonstrate that it can effectively and efficiently detect suspicious extensions.

UR - http://www.scopus.com/inward/record.url?scp=84888361187&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84888361187&partnerID=8YFLogxK

U2 - 10.1007/978-3-642-41284-4_13

DO - 10.1007/978-3-642-41284-4_13

M3 - Conference contribution

AN - SCOPUS:84888361187

SN - 9783642412837

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 244

EP - 264

BT - Research in Attacks, Intrusions, and Defenses - 16th International Symposium, RAID 2013, Proceedings

ER -

Zhao B, Liu P. Behavior decomposition: Aspect-level browser extension clustering and its security implications. In Research in Attacks, Intrusions, and Defenses - 16th International Symposium, RAID 2013, Proceedings. 2013. p. 244-264. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). https://doi.org/10.1007/978-3-642-41284-4_13