• DocumentCode
    1753559
  • Title

    Obfuscated malicious JavaScript detection by Causal Relations Finding

  • Author

    AL-Taharwa, Ismail Adel ; Mao, Ching-Hao ; Pao, Hsin-Kuo ; Wu, Kuo-Ping ; Faloutsos, Christos ; Lee, Hahn-Ming ; Chen, Shyi-Ming ; Jeng, Albert B.

  • Author_Institution
    Dept. of Comput. Sci. & Inf. Eng., Nat. Taiwan Univ. of Sci. & Technol., Taipei, Taiwan
  • fYear
    2011
  • fDate
    13-16 Feb. 2011
  • Firstpage
    787
  • Lastpage
    792
  • Abstract
    JavaScript code is often obfuscated; given such code, can we tell whether it is malicious or benign? We propose Obfuscating Causal Relations Finding (OCRF), which addresses this problem. The contributions are the following: (1) careful feature extraction, using domain knowledge; (2) no need for de-obfuscation, since our method can be applied to the obfuscated script directly; (3) combined obfuscation detection with malicious obfuscated code detection; (4) improved detection accuracy and significantly reduced false positives (while the average false positive rate of competitors is between 0.18 and 0.30, our method decreases it to between 0.03 and 0.1). Moreover, our method is easy to implement as a plug-in for Web browsers.
  • Keywords
    Java; authoring languages; security of data; Web browsers; domain knowledge; feature extraction; obfuscated malicious JavaScript code detection; obfuscating causal relations finding; Browsers; Encoding; Error analysis; Feature extraction; Markov processes; Measurement uncertainty; Semantics; Hidden Markov Models; JavaScript; Obfuscation; Security; Sequence Mining;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Advanced Communication Technology (ICACT), 2011 13th International Conference on
  • Conference_Location
    Seoul
  • ISSN
    1738-9445
  • Print_ISBN
    978-1-4244-8830-8
  • Type

    conf

  • Filename
    5745929