JAST: Fully Syntactic Detection of Malicious (Obfuscated) JavaScript

Cited by: 36
Authors
Fass, Aurore [1]
Krawczyk, Robert P. [2]
Backes, Michael [3]
Stock, Ben [3]
Affiliations
[1] Saarland Univ, CISPA, Saarland Informat Campus, Saarbrucken, Germany
[2] German Fed Off Informat Secur BSI, Bonn, Germany
[3] CISPA Helmholtz Ctr iG, Saarland Informat Campus, Saarbrucken, Germany
Keywords
DOI
10.1007/978-3-319-93411-2_14
Chinese Library Classification
TP [Automation technology, computer technology];
Subject classification code
0812;
Abstract
JavaScript is a browser scripting language initially created to enhance the interactivity of web sites and to improve their user-friendliness. However, as it offloads the work to the user's browser, it can be used to engage in malicious activities such as Crypto Mining, Drive-by Download attacks, or redirections to web sites hosting malicious software. Given the prevalence of such nefarious scripts, the antivirus industry has increased the focus on their detection. The attackers, in turn, make increasing use of obfuscation techniques, so as to hinder analysis and the creation of corresponding signatures. Yet these malicious samples share syntactic similarities at an abstract level, which makes it possible to bypass obfuscation and detect even unknown malware variants. In this paper, we present JAST, a low-overhead solution that combines the extraction of features from the abstract syntax tree with a random forest classifier to detect malicious JavaScript instances. It is based on a frequency analysis of specific patterns, which are either predictive of benign or of malicious samples. Even though the analysis is entirely static, it yields a high detection accuracy of almost 99.5% and has a low false-negative rate of 0.54%.
Pages: 303-325
Page count: 23