JSOD: JavaScript obfuscation detector
Saved in:
| Title: | JSOD: JavaScript obfuscation detector |
|---|---|
| Authors: | Al-Taharwa, I.A., Lee, H.-M., Jeng, A.B., Wu, K.-P., Ho, C.-S., Chen, S.-M. |
| Publication Year: | 2015 |
| Collection: | National Taiwan University of Science and Technology Repository (NTUSTR) / 台灣科技大學 |
| Subject Terms: | AST, Drive-by-download, Machine learning, Malicious code detection, Obfuscated JavaScript, Static analysis |
| Description: | JavaScript obfuscation is a deliberate act of making a script difficult to understand by concealing its purpose. The prevalent use of obfuscation techniques to hide malicious codes and to preserve copyrights of benign scripts resulted in (i) missing detection of malicious scripts that are obfuscated and (ii) raising false alarms due to the benign scripts that are obfuscated. Automatic detection of obfuscated JavaScript is generally undertaken by tackling the problem from the readability perspective. Recently, Microsoft research team analyzed different levels of context-based features to distinguish obfuscated malicious scripts from obfuscated benign ones. In this work, we raise the issue of existing readable versions of obfuscated scripts. Further, we discuss the challenges posed by readably obfuscated scripts against both JavaScript malware detectors and obfuscated scripts detectors. Therefore, we propose JavaScript Obfuscation Detector (JSOD), a completely static solution to detect obfuscated scripts including readable patterns. To evaluate JSOD, we compare it to the state-of-the-art approaches to detect obfuscated malicious and obfuscated benign script, namely,Zozzle andNofus. Our experimental results demonstrate the importance to detect readably obfuscated scripts and their sophisticated variations. Furthermore, they also show the superiority ofJSOD approach against all relevant solutions. Copyright 2014 John Wiley & Sons, Ltd. |
| Document Type: | other/unknown material |
| Language: | English |
| Relation: | Security and Communication Networks, Volume 8, Issue 6, Page: 1092 - 1107; http://ir.lib.ntust.edu.tw/handle/987654321/51574; http://ir.lib.ntust.edu.tw/bitstream/987654321/51574/-1/index.html |
| DOI: | 10.1002/sec.1064 |
| Availability: | http://ir.lib.ntust.edu.tw/handle/987654321/51574 https://doi.org/10.1002/sec.1064 http://ir.lib.ntust.edu.tw/bitstream/987654321/51574/-1/index.html |
| Accession Number: | edsbas.AD1E352E |
| Database: | BASE |
Nájsť tento článok vo Web of Science | Abstract: | JavaScript obfuscation is a deliberate act of making a script difficult to understand by concealing its purpose. The prevalent use of obfuscation techniques to hide malicious codes and to preserve copyrights of benign scripts resulted in (i) missing detection of malicious scripts that are obfuscated and (ii) raising false alarms due to the benign scripts that are obfuscated. Automatic detection of obfuscated JavaScript is generally undertaken by tackling the problem from the readability perspective. Recently, Microsoft research team analyzed different levels of context-based features to distinguish obfuscated malicious scripts from obfuscated benign ones. In this work, we raise the issue of existing readable versions of obfuscated scripts. Further, we discuss the challenges posed by readably obfuscated scripts against both JavaScript malware detectors and obfuscated scripts detectors. Therefore, we propose JavaScript Obfuscation Detector (JSOD), a completely static solution to detect obfuscated scripts including readable patterns. To evaluate JSOD, we compare it to the state-of-the-art approaches to detect obfuscated malicious and obfuscated benign script, namely,Zozzle andNofus. Our experimental results demonstrate the importance to detect readably obfuscated scripts and their sophisticated variations. Furthermore, they also show the superiority ofJSOD approach against all relevant solutions. Copyright 2014 John Wiley & Sons, Ltd. |
|---|---|
| DOI: | 10.1002/sec.1064 |