RedJsod: A Readable JavaScript Obfuscation Detector Using Semantic-based Analysis.

Detailed bibliography
Title: RedJsod: A Readable JavaScript Obfuscation Detector Using Semantic-based Analysis.
Authors: AL-Taharwa, Ismail Adel, Lee, Hahn-Ming, Jeng, Albert B., Wu, Kuo-Ping, Mao, Ching-Hao, Wei, Te-En, Chen, Shyi-Ming
Source: 2012 IEEE 11th International Conference on Trust, Security & Privacy in Computing & Communications; 1/ 1/2012, p1370-1375, 6p
Abstract: JavaScript allows Web-developers to hide intention behind their code inside different looking scripts known as Obfuscated code. Automatic detection of obfuscated code is generally tackled from readability perspective. However, recently obfuscation exhibits patterns that modify both syntax and semantic characteristics while preserving readability characteristic. There are two problems in dealing with readable obfuscation: 1. Difficulty in locating it since it does not manipulate suspicious strings. 2. It is a common and essential practice adopted in both benign codes and malicious codes. In this work, we first investigate why and how readable obfuscation can hinder detection of maliciousness and prevent the static analysis of suspicious scripts. Next, we propose a readable JavaScript obfuscation detector (RedJsod) system to deal with this type of threat. RedJsod is a well defined detector based on variable length context-based feature extraction (VCLFE) scheme that takes advantages of abstract syntax tree (AST) representation of a given JavaScript code to infer run-time behaviors statically. We applied RedJsod to three datasets collected from real world Web-pages to evaluate its effectiveness. Also, we tested RedJsod on well-known readable obfuscation samples cited in related works as a proof of concept illustration. Our experimental results indicated that RedJsod achieved very high detection rates (greater than 97%) in terms of accuracy, eliminated false negatives completely, while at the same time yielded very few false positives. [ABSTRACT FROM PUBLISHER]
Copyright of 2012 IEEE 11th International Conference on Trust, Security & Privacy in Computing & Communications is the property of IEEE and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)
Database: Complementary Index
Header DbId: edb
DbLabel: Complementary Index
An: 86535321
PubType: Conference
PubTypeId: conference
RecordInfo BibRecord:
  BibEntity:
    Identifiers:
      – Type: doi
        Value: 10.1109/TrustCom.2012.235
    Languages:
      – Code: eng
        Text: English
    PhysicalDescription:
      Pagination:
        PageCount: 6
        StartPage: 1370
    Titles:
      – TitleFull: RedJsod: A Readable JavaScript Obfuscation Detector Using Semantic-based Analysis.
        Type: main
  BibRelationships:
    HasContributorRelationships:
      – PersonEntity:
          Name:
            NameFull: AL-Taharwa, Ismail Adel
      – PersonEntity:
          Name:
            NameFull: Lee, Hahn-Ming
      – PersonEntity:
          Name:
            NameFull: Jeng, Albert B.
      – PersonEntity:
          Name:
            NameFull: Wu, Kuo-Ping
      – PersonEntity:
          Name:
            NameFull: Mao, Ching-Hao
      – PersonEntity:
          Name:
            NameFull: Wei, Te-En
      – PersonEntity:
          Name:
            NameFull: Chen, Shyi-Ming
    IsPartOfRelationships:
      – BibEntity:
          Dates:
            – D: 01
              M: 01
              Text: 1/ 1/2012
              Type: published
              Y: 2012
          Identifiers:
            – Type: isbn-print
              Value: 9781467321723
          Titles:
            – TitleFull: 2012 IEEE 11th International Conference on Trust, Security & Privacy in Computing & Communications
              Type: main