Obfuscated malicious javascript detection scheme using the feature based on divided URL

Shoya Morishige, Shuichiro Haruta, Hiromu Asahina, Iwao Sasase

Research output: Conference contribution

6 Citations (Scopus)

Abstract

On web application services, detecting obfuscated malicious JavaScript used in attacks such as Drive-by-Download is an urgent demand. Obfuscation is a technique that modifies some elements of program code and is used to evade the pattern matching of traditional anti-virus software. In particular, encode obfuscation is adopted in almost all malicious JavaScript code as the most effective technique to hide its malicious intent. Therefore, many approaches focus on encode obfuscation to detect malicious JavaScript. However, we point out that malicious JavaScript obfuscated by techniques other than encode obfuscation can easily evade those approaches. Motivated by the above, in this paper, we first investigated the malicious files that previous schemes cannot detect, and found that some files contain a divided URL in their code. In order to detect such JavaScript code as malicious, we propose an obfuscated malicious JavaScript detection scheme using a feature based on the divided URL. We focus on the fact that the segments of the URL are declared as variables and connected later. Our scheme stores variables and their contents in a dictionary-type object and, at the connection parts, verifies that a malicious URL can be reconstructed. By computer simulation with a real dataset, we show that our scheme improves the detection effectiveness of the conventional scheme.
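The dictionary-and-reconstruction step described in the abstract, as an added example that is not the authors' implementation: a regex-based simplification rather than a real JavaScript parser. `findDividedUrls`, `BLOCKLIST` and `SAMPLE` are hypothetical names, the sample script and hostnames are constructed, and the blocklist lookup stands in for whatever URL verdict source is actually used.

```javascript
// Added illustration: regex-based sketch, not the paper's implementation.
// BLOCKLIST is a constructed stand-in for a URL reputation source (assumption).
const BLOCKLIST = new Set(["malware.example.test"]);

// One identifier or one simple (escape-free, single-line) string literal.
const TERM = String.raw`(?:[A-Za-z_$][\w$]*|"[^"\\\n]*"|'[^'\\\n]*')`;
// Declaration of a variable initialised with a single string literal.
const DECL = /(?:var|let|const)\s+([A-Za-z_$][\w$]*)\s*=\s*(?:"([^"\\\n]*)"|'([^'\\\n]*)')\s*;/g;
// "Connection part": two or more terms joined by "+".
const CONCAT = new RegExp(String.raw`${TERM}(?:\s*\+\s*${TERM})+`, "g");

function findDividedUrls(source) {
  // Step 1: dictionary of variable name -> string content.
  const vars = new Map();
  for (const m of source.matchAll(DECL)) vars.set(m[1], m[2] ?? m[3]);

  // Step 2: at each connection part, substitute contents and rebuild the string.
  const findings = [];
  for (const m of source.matchAll(CONCAT)) {
    const parts = m[0].match(new RegExp(TERM, "g")).map((t) =>
      /^["']/.test(t) ? t.slice(1, -1) : vars.get(t));
    if (parts.includes(undefined)) continue;            // unknown variable
    const joined = parts.join("");
    let url;
    try { url = new URL(joined); } catch { continue; }  // not a URL at all
    if (!/^https?:$/.test(url.protocol)) continue;
    findings.push({
      url: joined,
      parts: parts.length,                              // number of segments
      malicious: BLOCKLIST.has(url.hostname),
    });
  }
  return findings;
}

// Constructed sample script: the URL never appears as one literal.
const SAMPLE = `
var a = "ht";
var b = "tp://mal";
var c = "ware.example.test";
var d = "/payload.js";
var src = a + b + c + d;
var greeting = "hello, " + "world";
var ok = "https://cdn." + "example.org/lib.js";
`;

console.log(findDividedUrls(SAMPLE));
```

A plain string search for the blocklisted hostname over `SAMPLE` finds nothing, which is the evasion the abstract describes; only the reconstruction at the `+` expression exposes it.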

Original language: English
Title of host publication: 2017 23rd Asia-Pacific Conference on Communications
Subtitle of host publication: Bridging the Metropolitan and the Remote, APCC 2017
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 1-6
Number of pages: 6
ISBN (electronic): 9781740523905
DOI
Publication status: Published - Feb 27, 2018
Event: 23rd Asia-Pacific Conference on Communications, APCC 2017 - Perth, Australia
Duration: Dec 11, 2017 to Dec 13, 2017

Publication series

Name: 2017 23rd Asia-Pacific Conference on Communications: Bridging the Metropolitan and the Remote, APCC 2017
2018-January

Other

Other: 23rd Asia-Pacific Conference on Communications, APCC 2017
Country/Territory: Australia
City: Perth
Period: 17/12/11 to 17/12/13

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Signal Processing
