OPEXA: analyser assistant for detecting over‐privileged extensions. (1st November 2018)
- Record Type:
- Journal Article
- Title:
- OPEXA: analyser assistant for detecting over‐privileged extensions. (1st November 2018)
- Main Title:
- OPEXA: analyser assistant for detecting over‐privileged extensions
- Authors:
- Khazaei, Mina Sadat
Homaei, Hossein
Shahriari, Hamid Reza - Abstract:
- Abstract : Web browsers are enticing attack vectors because they provide an interface to the Internet. Extensions add capabilities to the browsers, and therefore are attractive to attackers. These capabilities are obtained through extension privileges. Some of these privileges are necessary for extensions to perform their claimed functionalities. However, an extension may have some unrequired privileges. Over‐privileged extensions may be misused to compromise systems. The authors propose an Over‐Privileged EXtension Analyser (OPEXA), to assist security experts in detecting suspicious extensions. OPEXA predicts the intended privileges of extensions based on their descriptions, which are stated by developers in natural language. They utilise this method because real users decide whether to install extensions based on descriptions. They use a supervised machine learning method to train a multi‐label classifier that predicts the desired privileges. The extension is assumed to be suspicious if there exists at least one privilege in the extension that is not considered necessary by OPEXA. They evaluate their method on two datasets that consist of real extensions developed in new and old architectures of Firefox. According to the results, they can detect all of over‐privileged extensions in these datasets. Their approach can minimise security expert's workload by automating the extension checking process.
- Is Part Of:
- IET information security. Volume 12:Number 6(2018)
- Journal:
- IET information security
- Issue:
- Volume 12:Number 6(2018)
- Issue Display:
- Volume 12, Issue 6 (2018)
- Year:
- 2018
- Volume:
- 12
- Issue:
- 6
- Issue Sort Value:
- 2018-0012-0006-0000
- Page Start:
- 558
- Page End:
- 565
- Publication Date:
- 2018-11-01
- Subjects:
- security of data -- pattern classification -- computer network security -- Internet -- online front‐ends -- learning (artificial intelligence)
OPEXA -- over‐privileged extensions -- extension privileges -- privilege -- unrequired privileges -- Over‐Privileged EXtension Analyser -- suspicious extensions -- intended privileges -- desired privileges -- extension checking process
Computer security -- Periodicals
Cryptography -- Periodicals
Computer networks -- Security measures -- Periodicals
Database security -- Periodicals
005.8 - Journal URLs:
- https://ietresearch.onlinelibrary.wiley.com/journal/17518717 ↗
http://digital-library.theiet.org/content/journals/iet-ifs ↗
http://www.ietdl.org/IET-IFS ↗
http://www.theiet.org/ ↗ - DOI:
- 10.1049/iet-ifs.2017.0652 ↗
- Languages:
- English
- ISSNs:
- 1751-8709
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms) ↗
- Physical Locations:
- British Library DSC - 4363.252660
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store - Ingest File:
- 16499.xml