Title :
Obfuscated malicious JavaScript detection by Causal Relations Finding
Author :
AL-Taharwa, Ismail Adel ; Mao, Ching-Hao ; Pao, Hsin-Kuo ; Wu, Kuo-Ping ; Faloutsos, Christos ; Lee, Hahn-Ming ; Chen, Shyi-Ming ; Jeng, Albert B.
Author_Institution :
Dept. of Comput. Sci. & Inf. Eng., Nat. Taiwan Univ. of Sci. & Technol., Taipei, Taiwan
Abstract :
JavaScript code is often obfuscated; given such code, can we tell whether it is malicious or benign? We propose Obfuscating Causal Relations Finding (OCRF), which addresses this problem. The contributions are the following: (1) careful feature extraction, using domain knowledge; (2) no need for de-obfuscation, since our method can be applied to the obfuscated script directly; (3) obfuscation detection combined with malicious obfuscated code detection; (4) improved detection accuracy and significantly reduced false positives (the average false positive rate of competitors is between 0.18 and 0.30, while our method decreases it to between 0.03 and 0.1). Moreover, our method is easy to implement as a plug-in for Web browsers.
Keywords :
Java; authoring languages; security of data; Web browsers; domain knowledge; feature extraction; obfuscated malicious JavaScript code detection; obfuscating causal relations finding; Browsers; Encoding; Error analysis; Feature extraction; Markov processes; Measurement uncertainty; Semantics; Hidden Markov Models; JavaScript; Obfuscation; Security; Sequence Mining;
Conference_Title :
Advanced Communication Technology (ICACT), 2011 13th International Conference on
Conference_Location :
Seoul
Print_ISBN :
978-1-4244-8830-8