• 主题
高级搜索  >
历史搜索 清空历史
首页> 外文会议>IEEE Conference on Communications and Network Security >Assessing the threat of web worker distributed attacks
【24h】

Assessing the threat of web worker distributed attacks

机译:评估Web Worker分布式攻击的威胁

获取原文
页面导航
  • 摘要
  • 著录项
  • 相似文献
  • 相关主题

摘要

In this paper, we identify and evaluate the potential of new distributed attacks launched through web browsers using the HTML5 Web Workers API. Web worker attacks rely on the new multi-threading capabilities of Web Workers, which can allow malicious JavaScript code to run in the background of a web page without impacting foreground JavaScript performance or user experience. These background computing tasks can be used to launch application-layer DDoS attacks or offload computationally intensive attack tasks, such as password cracking, to the browsers of users visiting a compromised website. These attacks do not harm the compromised users directly but offer a potential path for attackers to gain control of large pools of computing resources, similar to botnets. We evaluate the feasibility of using online advertisement services to gain access to such computing pool and quantitatively evaluate the economics of these attacks and point out the key factors affecting the cost effectiveness of launching attacks through Web Workers in comparison with cloud computing or rented botnets.
机译:在本文中,我们确定并评估了使用HTML5 Web Workers API通过Web浏览器发起的新型分布式攻击的可能性。 Web Worker攻击依赖于Web Workers的新多线程功能,该功能可以允许恶意JavaScript代码在网页的后台运行,而不会影响前台JavaScript的性能或用户体验。这些后台计算任务可用于向访问受感染网站的用户的浏览器发起应用程序层DDoS攻击,或将计算强度大的攻击任务(例如密码破解)卸载。这些攻击不会直接伤害受感染的用户,但为攻击者提供了一种潜在的路径,使其可以控制与僵尸网络类似的大型计算资源池。我们评估了使用在线广告服务访问此类计算池的可行性,并定量评估了这些攻击的经济性,并指出了与云计算或租用的僵尸网络相比,影响通过Web Workers发起攻击的成本效益的关键因素。

著录项

相似文献

  • 外文文献
  • 中文文献
  • 专利
获取原文

客服邮箱:kefu@zhangqiaokeyan.com

京公网安备:11010802029741号 ICP备案号:京ICP备15016152号-6 六维联合信息科技 (北京) 有限公司©版权所有

  • 客服微信

  • 服务号