The Power of Obfuscation Techniques in Malicious Java']JavaScript Code: A Measurement Study

被引:0
|
作者
Xu, Wei [1 ]
Zhang, Fangfang [1 ]
Zhu, Sencun [1 ]
机构
[1] Penn State Univ, Dept Comp Sci & Engn, University Pk, PA 16802 USA
关键词
D O I
暂无
中图分类号
TP31 [计算机软件];
学科分类号
081202 ; 0835 ;
摘要
JavaScript based attacks have been reported as the top Internet security threats in recent years. Since most of the Internet users rely on anti-virus software to protect themselves from malicious JavaScript code, attackers exploit JavaScript obfuscation techniques to evade the detection of anti-virus software. To better understand the obfuscation techniques adopted by malicious JavaScript code, we conduct a measurement study. We first categorize observed JavaScript obfuscation techniques. T hen we conduct a statistic analysis on the usage of different categories of obfuscation techniques in real-world malicious JavaScript samples. We also study the detection effectiveness of 20 most popular anti-virus software against obfuscation techniques. Based on the results, we analyze the cause of the popularity of obfuscation in malicious JavaScript code; the reason behind the choice of obfuscation techniques and the difference between benign obfuscation and malicious obfuscation. Moreover, we also provide suggestions for designing effective obfuscation detection approaches in future.
引用
收藏
页码:9 / 16
页数:8
相关论文
共 50 条
  • [31] Securing Java']Java-Based mobile agents through byte code obfuscation techniques
    Shah, Syed Waqar
    Nixon, P.
    Ferguson, R. I.
    Hassnain, Syed Riaz ul
    Arbab, M. Naeem
    Khan, Laiq
    [J]. 10TH IEEE INTERNATIONAL MULTITOPIC CONFERENCE 2006, PROCEEDINGS, 2006, : 305 - +
  • [32] An Empirical Study on the Effects of Obfuscation on Static Machine Learning-Based Malicious JavaScript Detectors
    Ren, Kunlun
    Qiang, Weizhong
    Wu, Yueming
    Zhou, Yi
    Zou, Deqing
    Jin, Hai
    [J]. ISSTA 2023 - Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis, 2023, : 1420 - 1432
  • [33] Obfuscated Malicious Java']JavaScript Detection by Machine Learning
    Pan, Jinkun
    Mao, Xiaoguang
    [J]. PROCEEDINGS OF THE 2ND INTERNATIONAL CONFERENCE ON ADVANCES IN MECHANICAL ENGINEERING AND INDUSTRIAL INFORMATICS (AMEII 2016), 2016, 73 : 805 - 810
  • [34] HIDENOSEEK: Camouflaging Malicious Java']JavaScript in Benign ASTs
    Fass, Aurore
    Backes, Michael
    Stock, Ben
    [J]. PROCEEDINGS OF THE 2019 ACM SIGSAC CONFERENCE ON COMPUTER AND COMMUNICATIONS SECURITY (CCS'19), 2019, : 1899 - 1913
  • [35] Advanced obfuscation techniques for Java']Java bytecode
    Chan, JT
    Yang, W
    [J]. JOURNAL OF SYSTEMS AND SOFTWARE, 2004, 71 (1-2) : 1 - 10
  • [36] A Method of Java']JavaScript path obfuscation based on Collatz conjecture
    Qin, Shukai
    Wang, Zhenyu
    Wang, Yonghong
    Xu, Kaijie
    [J]. 2015 12TH WEB INFORMATION SYSTEM AND APPLICATION CONFERENCE (WISA), 2015, : 330 - 333
  • [37] JS']JStrong: Malicious Java']JavaScript detection based on code semantic representation and graph neural network
    Fang, Yong
    Huang, Chaoyi
    Zeng, Minchuan
    Zhao, Zhiying
    Huang, Cheng
    [J]. COMPUTERS & SECURITY, 2022, 118
  • [38] An Exploratory Study of Analyzing Java']JavaScript Online Code Clones
    Misu, Md Rakib Hossain
    Satter, Abdus
    [J]. 30TH IEEE/ACM INTERNATIONAL CONFERENCE ON PROGRAM COMPREHENSION (ICPC 2022), 2022, : 94 - 98
  • [39] Js']JsSandbox: A Framework for Analyzing the Behavior of Malicious Java']JavaScript Code using Internal Function Hooking
    Kim, Hyoung Chun
    Choi, Young Han
    Lee, Dong Hoon
    [J]. KSII TRANSACTIONS ON INTERNET AND INFORMATION SYSTEMS, 2012, 6 (02): : 766 - 783
  • [40] Power Based Malicious Code Detection Techniques for Smartphones
    Dixon, Bryan
    Mishra, Shivakant
    [J]. 2013 12TH IEEE INTERNATIONAL CONFERENCE ON TRUST, SECURITY AND PRIVACY IN COMPUTING AND COMMUNICATIONS (TRUSTCOM 2013), 2013, : 142 - 149