Abstract
Various reports show that web browsers are known for being insecure, with growing amount of flaws that make them vulnerable to various attacks. Such attacks can be used to execute arbitrary procedures on the victims' computer and silently install malicious software, turning them into bots. In addition, browsers are complex and typically incorporate third-party libraries installed on-demand. This makes it very difficult for security experts to analyze the causes of such flaws or devise countermeasures. In this paper, we present an approach to detect and prevent attacks against a browser by intercepting the interactions between its core libraries and the underlying operating system. We then build mathematical models that capture the behavior of the browser during the rendering of web objects. Finally, we show that such models can be leveraged to automatically classify web objects as malicious or benign using real-world malicious websites.