Mitigating Drive-by Download Attacks: Challenges and Open Problems

Malicious web sites perform drive-by download attacks to infect their visitors with malware. Current protection approaches rely on black- or white-listing techniques that are difficult to keep up-to-date. As today's drive-by attacks already employ encryption to evade network level detection the authors propose a series of techniques that can be implemented in web browsers to protect the user from such threats. In addition, they discuss challenges and open problems that these mechanisms face in order to be effective and efficient.