From Obfuscated to Obvious: A Comprehensive JavaScript Deobfuscation Tool for Security Analysis
Saved in:
| Title: | From Obfuscated to Obvious: A Comprehensive JavaScript Deobfuscation Tool for Security Analysis |
|---|---|
| Authors: | Zhou, Dongchao, Ying, Lingyun, Chai, Huajun, Wang, Dongbin |
| Publication Year: | 2025 |
| Collection: | ArXiv.org (Cornell University Library) |
| Subject Terms: | Cryptography and Security, Software Engineering |
| Description: | JavaScript's widespread adoption has made it an attractive target for malicious attackers who employ sophisticated obfuscation techniques to conceal harmful code. Current deobfuscation tools suffer from critical limitations that severely restrict their practical effectiveness. Existing tools struggle with diverse input formats, address only specific obfuscation types, and produce cryptic output that impedes human analysis. To address these challenges, we present JSIMPLIFIER, a comprehensive deobfuscation tool using a multi-stage pipeline with preprocessing, abstract syntax tree-based static analysis, dynamic execution tracing, and Large Language Model (LLM)-enhanced identifier renaming. We also introduce multi-dimensional evaluation metrics that integrate control/data flow analysis, code simplification assessment, entropy measures and LLM-based readability assessments. We construct and release the largest real-world obfuscated JavaScript dataset with 44,421 samples (23,212 wild malicious + 21,209 benign samples). Evaluation shows JSIMPLIFIER outperforms existing tools with 100% processing capability across 20 obfuscation techniques, 100% correctness on evaluation subsets, 88.2% code complexity reduction, and over 4-fold readability improvement validated by multiple LLMs. Our results advance benchmarks for JavaScript deobfuscation research and practical security applications. |
| Document Type: | text |
| Language: | unknown |
| Relation: | http://arxiv.org/abs/2512.14070 |
| DOI: | 10.14722/ndss.2026.242198 |
| Availability: | http://arxiv.org/abs/2512.14070 https://doi.org/10.14722/ndss.2026.242198 |
| Accession Number: | edsbas.3BA57122 |
| Database: | BASE |
Nájsť tento článok vo Web of Science | Abstract: | JavaScript's widespread adoption has made it an attractive target for malicious attackers who employ sophisticated obfuscation techniques to conceal harmful code. Current deobfuscation tools suffer from critical limitations that severely restrict their practical effectiveness. Existing tools struggle with diverse input formats, address only specific obfuscation types, and produce cryptic output that impedes human analysis. To address these challenges, we present JSIMPLIFIER, a comprehensive deobfuscation tool using a multi-stage pipeline with preprocessing, abstract syntax tree-based static analysis, dynamic execution tracing, and Large Language Model (LLM)-enhanced identifier renaming. We also introduce multi-dimensional evaluation metrics that integrate control/data flow analysis, code simplification assessment, entropy measures and LLM-based readability assessments. We construct and release the largest real-world obfuscated JavaScript dataset with 44,421 samples (23,212 wild malicious + 21,209 benign samples). Evaluation shows JSIMPLIFIER outperforms existing tools with 100% processing capability across 20 obfuscation techniques, 100% correctness on evaluation subsets, 88.2% code complexity reduction, and over 4-fold readability improvement validated by multiple LLMs. Our results advance benchmarks for JavaScript deobfuscation research and practical security applications. |
|---|---|
| DOI: | 10.14722/ndss.2026.242198 |