Lightweight Detection Method of Obfuscated Landing Sites Based on the AST Structure and Tokens
Uložené v:
| Názov: | Lightweight Detection Method of Obfuscated Landing Sites Based on the AST Structure and Tokens |
|---|---|
| Autori: | KyungHyun Han, Seong Oun Hwang |
| Zdroj: | Applied Sciences, Vol 10, Iss 6116, p 6116 (2020) |
| Informácie o vydavateľovi: | MDPI AG |
| Rok vydania: | 2020 |
| Zbierka: | Directory of Open Access Journals: DOAJ Articles |
| Predmety: | malicious JavaScript, abstract syntax tree, static analysis, obfuscation detection, redirection detection, Technology, Engineering (General). Civil engineering (General), TA1-2040, Biology (General), QH301-705.5, Physics, QC1-999, Chemistry, QD1-999 |
| Popis: | Attackers use a variety of techniques to insert redirection JavaScript that leads a user to a malicious webpage, where a drive-by-download attack is executed. In particular, the redirection JavaScript in the landing site is obfuscated to avoid detection systems. In this paper, we propose a lightweight detection system based on static analysis to classify the obfuscation type and to promptly detect the obfuscated redirection JavaScript. The proposed model detects the obfuscated redirection JavaScript by converting the JavaScript into an abstract syntax tree (AST). Then, the structure and token information are extracted. Specifically, we propose a lightweight AST to identify the obfuscation type and the revised term frequency-inverse document frequency to efficiently detect the malicious redirection JavaScript. This approach enables rapid identification of the obfuscated redirection JavaScript and proactive blocking of the webpages that are used in drive-by-download attacks. |
| Druh dokumentu: | article in journal/newspaper |
| Jazyk: | English |
| Relation: | https://www.mdpi.com/2076-3417/10/17/6116; https://doaj.org/toc/2076-3417; https://doaj.org/article/7b5df539245b4bc1ab99a72b2bb9f1e9 |
| DOI: | 10.3390/app10176116 |
| Dostupnosť: | https://doi.org/10.3390/app10176116 https://doaj.org/article/7b5df539245b4bc1ab99a72b2bb9f1e9 |
| Prístupové číslo: | edsbas.F99E485 |
| Databáza: | BASE |
Nájsť tento článok vo Web of Science | Abstrakt: | Attackers use a variety of techniques to insert redirection JavaScript that leads a user to a malicious webpage, where a drive-by-download attack is executed. In particular, the redirection JavaScript in the landing site is obfuscated to avoid detection systems. In this paper, we propose a lightweight detection system based on static analysis to classify the obfuscation type and to promptly detect the obfuscated redirection JavaScript. The proposed model detects the obfuscated redirection JavaScript by converting the JavaScript into an abstract syntax tree (AST). Then, the structure and token information are extracted. Specifically, we propose a lightweight AST to identify the obfuscation type and the revised term frequency-inverse document frequency to efficiently detect the malicious redirection JavaScript. This approach enables rapid identification of the obfuscated redirection JavaScript and proactive blocking of the webpages that are used in drive-by-download attacks. |
|---|---|
| DOI: | 10.3390/app10176116 |