| Summary: | 碩士 === 國立成功大學 === 電腦與通信工程研究所 === 98 === With the Web’s rapid pace of change, default browser functionality is no longer enough, and more and more browsers are designed to support “extensions”. Users can extend browser capabilities by installing extensions to their browser. Extensions use the browser API (Application Programming Interface) to access the content of the web page and communicate with remote servers. Benign extensions improve the user browsing experience. However, installing malicious extensions may cause sensitive information to be revealed.
In this thesis, a Malicious Behavior Analysis Platform for Browser Extensions (MBAPBE) is designed and implemented to help users verify whether extensions are benign or malicious. The user submits an untrusted extension to MBAPBE, and an analysis report will be generated for the user. Based on this report, user can make an informed decision regarding extension installation, and consequently reduce the chance of installing malicious extensions. We provide a (1) monitoring module and a (2) analysis module to determine whether an extension is malicious or not. For verifying the accuracy of MBAPBE, we have analyzed the Firefox top 100 benign extensions from AMO (Addons.Mozilla.Org) and 6 malicious extensions. The contribution of this thesis is to define malicious behavior of extensions, and provide a feasible solution to protect the users from installing malicious extensions.
|
|---|
