DocumentCode
1753559
Title
Obfuscated malicious JavaScript detection by Causal Relations Finding
Author
AL-Taharwa, Ismail Adel ; Mao, Ching-Hao ; Pao, Hsin-Kuo ; Wu, Kuo-Ping ; Faloutsos, Christos ; Lee, Hahn-Ming ; Chen, Shyi-Ming ; Jeng, Albert B.
Author_Institution
Dept. of Comput. Sci. & Inf. Eng., Nat. Taiwan Univ. of Sci. & Technol., Taipei, Taiwan
fYear
2011
fDate
13-16 Feb. 2011
Firstpage
787
Lastpage
792
Abstract
JavaScript code is often obfuscated; given such code, can we tell whether it is malicious or benign? We propose Obfuscating Causal Relations Finding (OCRF), which addresses this problem. The contributions are the following: (1) careful feature extraction, using domain knowledge; (2) no need for de-obfuscation, since our method can be applied to the obfuscated script directly; (3) combined obfuscation detection with malicious obfuscated code detection; (4) improved detection accuracy and significantly reduced false positives (while the average false positive rate of competitors is between 0.18 and 0.30, our method decreases it to between 0.03 and 0.1). Moreover, our method is easy to implement as a plug-in for Web browsers.
Keywords
Java; authoring languages; security of data; Web browsers; domain knowledge; feature extraction; obfuscated malicious JavaScript code detection; obfuscating causal relations finding; Browsers; Encoding; Error analysis; Feature extraction; Markov processes; Measurement uncertainty; Semantics; Hidden Markov Models; JavaScript; Obfuscation; Security; Sequence Mining;
fLanguage
English
Publisher
IEEE
Conference_Titel
Advanced Communication Technology (ICACT), 2011 13th International Conference on
Conference_Location
Seoul
ISSN
1738-9445
Print_ISBN
978-1-4244-8830-8
Type
conf
Filename
5745929