Introducing CUJO - A system to detect and precent JavaScript attacks on websites
Congratulations to BIFOLD Research Group Lead Konrad Rieck and his former colleagues Tammo Krueger, Senior Data Analyst at Cyber Security Sharing and Analytics, and Andreas Dewald, Managing Director at ERNW Research.
The Annual Computer Security Applications Conference (ACSAC) awarded the scientists the Test-of-Time Award for their publication "CUJO: Efficient Detection and Prevention of Drive by Download Attacks" (2010).
“We are thrilled to receive this prestigious award from this renown conference,” says Konrad Rieck, Professor for Machine Learning and Security at TU Berlin. “Our paper introduces CUJO, a system that automatically detects and precents JavaScript attacks on websites. When visiting a website, the system extracts all JavaScript code, executes it in a sandbox and analyzes the resulting behavior with machine learning. All of this happens on-the-fly without the user noticing. CUJO can be seen as one of the first AI based systems for detecting malicious code that gets many things right: it spots most attacks, maintains a low false alarm rate and makes its decisions in about half a second. This is possible because of efficient learning models inside CUJO,” explains Konrad Rieck.
ACSAC brings together leading researchers and practitioners, along with a diverse community of security professionals from academia, industry and government, to present and discuss the latest results and topics in cybersecurity. Now in its 41st year, it is the second oldest conference dedicated to computer security. This year, it takes place in Honolulu, Hawaii, from December 8 to 12.
Publication:
Konrad Rieck, Tammo Krueger, Andreas Dewald: Cujo: efficient detection and prevention of drive-by-download attacks