TY - GEN
T1 - The power of obfuscation techniques in malicious JavaScript code
T2 - 2012 7th International Conference on Malicious and Unwanted Software, Malware 2012
AU - Xu, Wei
AU - Zhang, Fangfang
AU - Zhu, Sencun
N1 - Funding Information:
A.E.V., M.B.C., D.O. and G.B.B. are supported by grants from the National Secretariat of Science Technology and Innovation (SENACYT) of Panama, the National System of Research (SNI), Santa María la Antigua University and the Melo Brain Research Project, respectively.
Funding Information:
A.E.V., M.B.C., D.O. and G.B.B. are supported by grants from the National Secretariat of Science Technology and Innovation (SENACYT) of Panama, the National System of Research (SNI), Santa Mar?a la Antigua University and the Melo Brain Research Project, respectively.
PY - 2012
Y1 - 2012
N2 - JavaScript based attacks have been reported as the top Internet security threats in recent years. Since most of the Internet users rely on anti-virus software to protect themselves from malicious JavaScript code, attackers exploit JavaScript obfuscation techniques to evade the detection of anti-virus software. To better understand the obfuscation techniques adopted by malicious JavaScript code, we conduct a measurement study. We first categorize observed JavaScript obfuscation techniques. Then we conduct a statistic analysis on the usage of different categories of obfuscation techniques in real-world malicious JavaScript samples. We also study the detection effectiveness of 20 most popular anti-virus software against obfuscation techniques. Based on the results, we analyze the cause of the popularity of obfuscation in malicious JavaScript code; the reason behind the choice of obfuscation techniques and the difference between benign obfuscation and malicious obfuscation. Moreover, we also provide suggestions for designing effective obfuscation detection approaches in future.
AB - JavaScript based attacks have been reported as the top Internet security threats in recent years. Since most of the Internet users rely on anti-virus software to protect themselves from malicious JavaScript code, attackers exploit JavaScript obfuscation techniques to evade the detection of anti-virus software. To better understand the obfuscation techniques adopted by malicious JavaScript code, we conduct a measurement study. We first categorize observed JavaScript obfuscation techniques. Then we conduct a statistic analysis on the usage of different categories of obfuscation techniques in real-world malicious JavaScript samples. We also study the detection effectiveness of 20 most popular anti-virus software against obfuscation techniques. Based on the results, we analyze the cause of the popularity of obfuscation in malicious JavaScript code; the reason behind the choice of obfuscation techniques and the difference between benign obfuscation and malicious obfuscation. Moreover, we also provide suggestions for designing effective obfuscation detection approaches in future.
UR - http://www.scopus.com/inward/record.url?scp=84874560027&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84874560027&partnerID=8YFLogxK
U2 - 10.1109/MALWARE.2012.6461002
DO - 10.1109/MALWARE.2012.6461002
M3 - Conference contribution
AN - SCOPUS:84874560027
SN - 9781467348782
T3 - Proceedings of the 2012 7th International Conference on Malicious and Unwanted Software, Malware 2012
SP - 9
EP - 16
BT - Proceedings of the 2012 7th International Conference on Malicious and Unwanted Software, Malware 2012
Y2 - 16 October 2012 through 18 October 2012
ER -