Collusion Attacks on Browser Extensions Revealing hidden extensions colluding against the user

Examensarbete för masterexamen

Please use this identifier to cite or link to this item:
Download file(s):
File Description SizeFormat 
252868.pdfFulltext1.34 MBAdobe PDFView/Open
Type: Examensarbete för masterexamen
Master Thesis
Title: Collusion Attacks on Browser Extensions Revealing hidden extensions colluding against the user
Authors: Baždarevic, Dženan
Dubell, Michael
Abstract: Browser extensions have been created to extend and enhance web browsers in order to improve the user experience. Because of this, browser extensions can access a range of different resources that pose a great privacy risk for users. These sensitive resources include users’ browser history, passwords and banking information. Therefore browser extensions have become a great source of interest for those with malicious intent. In order to obscure the intent behind a browser extension, a set of extensions can be created that when analysed individually does not raise any suspicion. However, by analysing the entire set of extensions, a relationship between each extension can be revealed. Namely, each extension is extracting user information under different sets of permissions, and relaying this data to a common external server. Such extensions are said to be colluding, and possibly performing a collusion attack. This form of attack is the focus of this research paper. We propose a method for downloading and performing static analysis of the collected browser extensions. The static analysis is based on regular expressions and defined to match and extract domain names and IP addresses from the downloaded browser extensions. In order to discover domains or IP addresses that are malicious, Recorded Future’s threat intelligence is used to provide classification and information behind each classification. Recorded Future collects data from technical sources, open sources and closed sources. By combining their machine learning and natural language processing, Recorded Future can identify, classify and predict events. In this work, over 250,000 Mozilla Firefox and Google Chrome extensions have been analysed by our proposed method and as a result, 1037 browser extensions have been found to be possibly colluding. Recorded Future classified 131 domains as Malicious.
Keywords: Data- och informationsvetenskap;Computer and Information Science
Issue Date: 2017
Publisher: Chalmers tekniska högskola / Institutionen för data- och informationsteknik (Chalmers)
Chalmers University of Technology / Department of Computer Science and Engineering (Chalmers)
Collection:Examensarbeten för masterexamen // Master Theses

Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.