论文信息 - The power of obfuscation techniques in malicious JavaScript code: A measurement study

The power of obfuscation techniques in malicious JavaScript code: A measurement study

JavaScript based attacks have been reported as the top Internet security threats in recent years. Since most of the Internet users rely on anti-virus software to protect themselves from malicious JavaScript code, attackers exploit JavaScript obfuscation techniques to evade the detection of anti-virus software. To better understand the obfuscation techniques adopted by malicious JavaScript code, we conduct a measurement study. We first categorize observed JavaScript obfuscation techniques. Then we conduct a statistic analysis on the usage of different categories of obfuscation techniques in real-world malicious JavaScript samples. We also study the detection effectiveness of 20 most popular anti-virus software against obfuscation techniques. Based on the results, we analyze the cause of the popularity of obfuscation in malicious JavaScript code; the reason behind the choice of obfuscation techniques and the difference between benign obfuscation and malicious obfuscation. Moreover, we also provide suggestions for designing effective obfuscation detection approaches in future.

[1] Niels Provos,et al. All Your iFRAMEs Point to Us , 2008, USENIX Security Symposium.

[2] Kumar Chellapilla,et al. A taxonomy of JavaScript redirection spam , 2007, AIRWeb '07.

[3] Clark Thomborson,et al. Manufacturing cheap, resilient, and stealthy opaque constructs , 1998, POPL '98.

[4] Somesh Jha,et al. Testing malware detectors , 2004, ISSTA '04.

[5] Michael Meier,et al. Throwing a MonkeyWrench into Web Attackers Plans , 2010, Communications and Multimedia Security.

[6] YoungHan Choi,et al. Automatic Detection for JavaScript Obfuscation Attacks in Web Pages through String Pattern Analysis , 2009, FGIT.

[7] Ben Zorn,et al. "NOFUS: Automatically Detecting" + String.fromCharCode(32) + "ObFuSCateD ".toLowerCase() + "JavaScript Code" , 2011 .

[8] Jeremiah Grossman,et al. XSS Attacks: Cross Site Scripting Exploits and Defense , 2007 .

[9] Christopher Krügel,et al. Preventing Cross Site Request Forgery Attacks , 2006, 2006 Securecomm and Workshops.

[10] Benjamin Livshits,et al. ZOZZLE: Fast and Precise In-Browser JavaScript Malware Detection , 2011, USENIX Security Symposium.

[11] Eunjin Jung,et al. Obfuscated malicious javascript detection using classification techniques , 2009, 2009 4th International Conference on Malicious and Unwanted Software (MALWARE).