Effective detection of vulnerable and malicious browser extensions

Al-Subaie, 2006, Efficacy of hidden Markov models over neural networks in anomaly intrusion detection, vol. 01, 325 Bandhakavi, 2011, Vetting browser extensions for security vulnerabilities with VEX, Commun ACM, 54, 91, 10.1145/1995376.1995398 Barth, 2010, Protecting browsers from extension vulnerabilities Barua, 2013, Protecting web browser extensions from JavaScript injection attacks, 188 Browser Helper Objects Bugzilla Chen, 2011, App isolation: get the security of multiple browsers with just one, 227 Chufeng, 2011, Systematical vulnerability detection in browser validation mechanism, 831 Corona, 2009, HMM-web: a framework for the detection of attacks against web applications, 747 Curtsinger, 2011, ZOZZLE: fast and precise in-browser JavaScript malware detection, 3 Dagon, 2008, A taxonomy of botnet structures, vol. 36, 143 Dhawan, 2009, Analyzing information flow in JavaScript-based browser extensions, 382 Djeric, 2010, Securing script-based extensibility in web browsers, 23 Eshete, 2012, BINSPECT: holistic analysis and detection of malicious web pages, 149 Ford, 2009, Analyzing and detecting malicious flash advertisements, 363 Freeman Google Chrome Extensions. http://developer.chrome.com/extensions/index.html [last accessed: 15.08.12.]. Grier, 2012, Manufacturing compromise: the emergence of exploit-as-a-service, 821 Householder, 2002, Computer attack trends challenge internet security, Suppl Comput Mag, 35, 5 Karim, 2012, An analysis of the mozilla jetpack extension framework, 333 Kazi, 2012 Kirda, 2006, Behavior-based spyware detection, vol. 15 Kolbitsch, 2012, Rozzle: de-cloaking internet malware, 443 Lei Liu, 2012, Chrome extensions: threat analysis and countermeasures Lerner, 2013, Verifying web browser extensions' compliance with private-browsing mode, vol. 8134, 57, 10.1007/978-3-642-40203-6_4 Liverani Liverani Louw, 2008, Enhancing web browser security against malware extensions, J Comput Virol, 4, 179, 10.1007/s11416-007-0078-5 MailOnline McCarthy Milowski Mozilla Firefox Mozilla Firefox Mozilla Firefox MSISAC Nyman Onarlioglu, 2013, Securing legacy Firefox extensions with SENTINEL, vol. 7967, 122, 10.1007/978-3-642-39235-1_7 OWASP Poritz, 1988, Hidden Markov models: a guided tour, vol. 1, 7 Provos, 2008, All your iFrames point to us Ratanaworabhan, 2009, NOZZLE: a defense against heap-spraying code injection attacks, 169 Robin Seo, 2010, InvisiType: object-oriented security policies Shahriar, 2013, A model-based detection of vulnerable and malicious browser extensions, 198 Shivaraj, 2008, A hidden Markov model based approach to detect rogue access points, 1 Stuart Schechter, 2007, The Emperor's new security indicators: an evaluation of website authentication and the effect of role playing on usability studies, 51 Suggi Symantec, 2011-2012 Wang, 2006, Automated web patrol with strider HoneyMonkeys: finding web sites that exploit browser vulnerabilities Wang, 2010, Structural learning of attack vectors for generating mutated XSS attacks, 15 Wang, 2012, An empirical study of dangerous behaviors in Firefox extensions, 188 XPConnect, 2012. https://developer.mozilla.org/en-US/docs/XPConnect.