AMA: Static Code Analysis of Web Page for the Detection of Malicious Scripts

JavaScript language, through its dynamic feature, provides user interactivity with websites. It also pose serious security threats to both user and website. On top of this, obfuscation is widely used to hide its malicious purpose and to evade the detection of antivirus software. Malware embedded in...

Full description

Saved in:
Bibliographic Details
Published in:Procedia computer science Vol. 93; pp. 768 - 773
Main Authors: Seshagiri, Prabhu, Vazhayil, Anu, Sriram, Padmamala
Format: Journal Article
Language:English
Published: Elsevier B.V 2016
Subjects:
JavaScript
Obfuscation
Probable Plaintext attack
Static Detection
Probable Plaintext attack
Obfuscation
Static Detection
JavaScript
ISSN:1877-0509, 1877-0509
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:JavaScript language, through its dynamic feature, provides user interactivity with websites. It also pose serious security threats to both user and website. On top of this, obfuscation is widely used to hide its malicious purpose and to evade the detection of antivirus software. Malware embedded in web pages is regularly used as part of targeted attacks. To hinder detection by antivirus scanners, the malicious code is usually obfuscated, often with encodings like hexadecimal, unicode, base64, escaped characters and rarely with substitution ciphers like Vigenere, Caesar and Atbash. The malicious iframes are injected to the websites using JavaScript and are also made hidden from the users perspective in-order to prevent detection. To defend against obfuscated malicious JavaScript code, we propose a mostly static approach called, AMA, Amrita Malware Analyzer, a framework capable of detecting the presence of malicious code through static code analysis of web page. To this end, the framework performs probable plaintext attack using strings likely contained in malicious web pages. But this approach targets only few among many possible obfuscation strategies. The evaluation based on the links provided in the Malware domain list demonstrates high level accuracy
ISSN:1877-0509
1877-0509
DOI:10.1016/j.procs.2016.07.291