A Taxonomy of Browser Extensions - Researching metadata patterns of Chrome extensions related to security using Random Forest and k-modes

Abstract

Since the development of Google Chrome extensions is open to third party developers, there is an inherent risk of developers with malicious intents building extensions to attack end users, for example through stealing their personal information or exploiting their system resources. The sandbox system in place in Google Chrome designed to prevent such actions through warnings during installation has previously been deemed to be ineffective, consequently a new system of preventing malicious behavior or communicating risk to users is needed. In this thesis, we investigate the feasibility of using machine learning and an extension’s metadata, such as its permissions, file types, category, developer, rating, etc, to assess the security risk of an extension without examining code or executing the extension. The conclusions from our results are the following: (1) categories are basically indistinguishable in terms of metadata, which prevents outlier analysis using categories; (2) though strong feature relationships exists in the metadata, few of them are deemed relevant to security; and (3) k-modes clustering proved to be an effective way of detecting patterns in permission usage, detecting outliers and also detecting malicious extensions.