Credibility of Browser Extension Program Based on Behavioral Statement

As users have increasing demand for communication at anytime and anywhere, browser plays an increasingly greater role in the Internet, with browser extension program more widely used. However, problem regarding credibility of browser extension program has also arisen. This paper proposes a method to automatically acquire the behavior and actions of extension program during the browser running phase. In this method, a series of user behaviors will be simulated to maximize the exposure of behaviors and actions by the extension, thus collecting the API calling information of browser extension program as comprehensively as possible. According to the acquired browser extension, API information is called to plot the browser extension behavior diagram. Malicious extension and non-malicious extension behavior diagram are compared to infer the malicious behavior calling sequence, thus declaring the untrusted behavior model. Finally, through experiments, feasibility of this method is verified.