\chapter{Conclusion and Future Enhancements}
The aim of this research was to build a Mozilla add-on to detect metamorphic JavaScript malware embedded in a web page. For this purpose, I implemented an add-on using the Mozilla add-on SDK. Internally, the add-on uses the Rhino JavaScript engine to generate opcodes for the JavaScript content of a web page. Because the opcode graph similarity technique performs better when classifying files with similar opcode statistics, it was used as the add-on's malware detection technique. Test results from \autoref{chap:testing} show that a threshold score of \textbf{0.00145} properly classifies Transcriptase malware family viruses and benign web pages, even after a significant amount of junk code is added. A similar approach can be used for all the different types of metamorphic malware.

Test results also show that the execution time for the add-on is around 1 to 4 seconds for benign web pages and 6 to 11 seconds for malware web pages. Even though the execution overhead seems significant, the user is able to view the HTML and CSS content of the page properly during the add-on execution period. As discussed in Section \ref{fingerprintingwp}, future enhancements for this thesis can include extending the add-on to use the cloud to increase the add-on's performance. This enhancement requires efficient security measures, so that an intruder cannot eavesdrop on or tamper with the information passed to and from the cloud.

Future enhancements also include eliminating the burden of validating some external JavaScript files by storing their links in a white list. For instance, several web pages may have JavaScript code to display Google Ads. Because Google is secured and regularly monitored, we can safely consider all external JavaScript files related to Google Ads to be benign. This approach may also involve some risk if any of the web pages in the white list is attacked.

Different malware detection techniques can be added to the add-on to increase the detection rate. As discussed in Section \ref{otherdetecttech}, the add-on provides a simple way to include other detection techniques.