Normally, a user may explicitly click a hyperlink to navigate to another web page, or click some components such as images or buttons to interact with the current web page. However, some scripts may deliberately intercept a user’s clicks to override the default action that the user may expect. Furthermore, a user could also be fooled by a script into clicking some components she/he would not click. We designate such undesired click manipulation caused by privilege abuse as click interception in web applications.

We developed a browser-based analysis framework, OBSERVER, to collect and analyze click related behaviors. Using OBSERVER, we identified three different techniques to intercept user clicks on the Alexa top 250K websites, and detected 437 third-party scripts that intercepted user clicks on 613 websites, which in total receive around 43 million visits on a daily basis.

One of the biggest threats to Web servers is Denial-of-Service (DoS) attacks. Traditionally, attackers launch Distributed Denial-of-Service (DDoS) attacks by commanding thousands of bots to flood a victim server to exhaust its computing resources, e.g., CPU cycles, network connections, bandwidth, etc. Recently, sophisticated DoS attacks that exploit the application-layer vulnerabilities have emerged. Such attacks require much less resources to launch because an attack request can consume significant amount of resources of the victim server. For example, an attacker may control the number of iterations of a loop in a vulnerable application.

We developed Rampart, which is a defense that protects web applications from sophisticated CPU-exhaustion DoS attacks. Rampart detects and stops sophisticated CPU-exhaustion DoS attacks using statistical methods and function-level program profiling. Furthermore, it synthesizes and deploys filters to block subsequent attacks, and it adaptively updates them to minimize any potentially negative impact on legitimate users.

In this project, we plan to leverage both static and dynamic program analysis techniques to detect the above DoS vulnerabilities in web applications and defend the vulnerable applications. For example, we plan to develop dynamic taint-tracking tools in the application runtime to monitor the information flow of unsafe user data. We will then dynamically construct policies to block malicious inputs. We further plan to automatically patch the vulnerable application code. We will also consider leveraging modern hardware features, i.e, Intel Processor Trace, to analyze the binary execution traces of the applications to detect and defend against such attacks.

Displaying advertisements had been the primary way to generate revenue for websites. However, more and more users start using ad-blocker software, which significantly impairs a website's ability to provide services for free. Recently, many websites started embedding crypto miner code as an alternative approach to monetization. However, the users of these many websites are not aware of that their computers are used for such a purpose.

In this project, we will develop techniques to detect websites that employ crypto miner scripts. We would also perform a large-scale analysis on the Internet and report malicious websites that do not obtain their users' consents on running crypto miner scripts.

Because of the popularity of ad-blocker software, websites have started adopting anti ad-blocker scripts. They would provide limited service for users who are blocking ads on their websites. These users are often asked by the website operators to white-list them in exchange for the recovery of the full service.

Our goal is to help users get rid of the unwanted ads while bypassing the detection of the anti ad-blockers script. In particular, we aim to develop an anti anti ad-blocker software, hopefully that the websites cannot further develop an anti anti anti ad-blocker software to detect our tool. We are modifying the browser to explore such a possibility.