Bitte benutzen Sie diese Kennung, um auf die Ressource zu verweisen:
https://doi.org/10.21256/zhaw-3848
Publikationstyp: | Konferenz: Paper |
Art der Begutachtung: | Peer review (Publikation) |
Titel: | Detecting obfuscated JavaScripts using machine learning |
Autor/-in: | Aebersold, Simon Kryszczuk, Krzysztof Paganoni, Sergio Tellenbach, Bernhard Trowbridge, Timothy |
DOI: | 10.21256/zhaw-3848 |
Tagungsband: | ICIMP 2016 the Eleventh International Conference on Internet Monitoring and Protection : May 22-26, 2016, Valencia, Spain |
Band(Heft): | 1 |
Seite(n): | 11 |
Seiten bis: | 17 |
Angaben zur Konferenz: | ICIMP 2016 the Eleventh International Conference on Internet Monitoring and Protection, Valencia, Spain, 22-26 May 2016 |
Erscheinungsdatum: | 2016 |
Verlag / Hrsg. Institution: | Curran Associates |
Verlag / Hrsg. Institution: | Red Hook |
ISBN: | 978-1-61208-475-6 |
ISSN: | 2308-3980 |
Sprache: | Englisch |
Schlagwörter: | Obfuscated JavaScript; Detection; Malicious JavaScript; Machine learning |
Fachgebiet (DDC): | 006: Spezielle Computerverfahren |
Zusammenfassung: | JavaScript is a common attack vector for attacking browsers, browser plug-ins, email clients and other JavaScript enabled applications. Malicious JavaScripts redirect victims to exploit kits, probe for known vulnerabilities to select a fitting exploit or manipulate the Document Object Model (DOM) of a web page in a harmful way. Malicious JavaScript code is often obfuscated in order to make it hard to detect using signature-based approaches. Since the only other reason to use obfuscation is to protect intellectual property, the share of scripts which are both benign and obfuscated is quite low, and could easily be captured with a whitelist. A detector that can reliably detect obfuscated JavaScripts would therefore be a valuable tool in fighting malicious JavaScripts. In this paper, we present a method for automatic detection of obfuscated JavaScript using a machine-learning approach. Using a dataset of regular, minified and obfuscated samples from a content delivery network and the Alexa top 500 websites, we show that it is possible to distinguish between obfuscated and non-obfuscated scripts with precision and recall around 99%. We also introduce a novel set of features, which help detect obfuscation in JavaScripts. Our results presented here shed additional light on the problem of distinguishing between malicious and benign scripts. |
URI: | https://www.thinkmind.org/index.php?view=article&articleid=icimp_2016_1_20_30023 https://digitalcollection.zhaw.ch/handle/11475/7717 |
Volltext Version: | Publizierte Version |
Lizenz (gemäss Verlagsvertrag): | Keine Angabe |
Departement: | School of Engineering |
Organisationseinheit: | Institut für Informatik (InIT) |
Enthalten in den Sammlungen: | Publikationen School of Engineering |
Dateien zu dieser Ressource:
Datei | Beschreibung | Größe | Format | |
---|---|---|---|---|
sec_v9_n34_2016_10.pdf | 324.04 kB | Adobe PDF | Öffnen/Anzeigen |
Zur Langanzeige
Aebersold, S., Kryszczuk, K., Paganoni, S., Tellenbach, B., & Trowbridge, T. (2016). Detecting obfuscated JavaScripts using machine learning [Conference paper]. ICIMP 2016 the Eleventh International Conference on Internet Monitoring and Protection : May 22-26, 2016, Valencia, Spain, 1, 11–17. https://doi.org/10.21256/zhaw-3848
Aebersold, S. et al. (2016) ‘Detecting obfuscated JavaScripts using machine learning’, in ICIMP 2016 the Eleventh International Conference on Internet Monitoring and Protection : May 22-26, 2016, Valencia, Spain. Red Hook: Curran Associates, pp. 11–17. Available at: https://doi.org/10.21256/zhaw-3848.
S. Aebersold, K. Kryszczuk, S. Paganoni, B. Tellenbach, and T. Trowbridge, “Detecting obfuscated JavaScripts using machine learning,” in ICIMP 2016 the Eleventh International Conference on Internet Monitoring and Protection : May 22-26, 2016, Valencia, Spain, 2016, vol. 1, pp. 11–17. doi: 10.21256/zhaw-3848.
AEBERSOLD, Simon, Krzysztof KRYSZCZUK, Sergio PAGANONI, Bernhard TELLENBACH und Timothy TROWBRIDGE, 2016. Detecting obfuscated JavaScripts using machine learning. In: ICIMP 2016 the Eleventh International Conference on Internet Monitoring and Protection : May 22-26, 2016, Valencia, Spain [online]. Conference paper. Red Hook: Curran Associates. 2016. S. 11–17. ISBN 978-1-61208-475-6. Verfügbar unter: https://www.thinkmind.org/index.php?view=article&articleid=icimp_2016_1_20_30023
Aebersold, Simon, Krzysztof Kryszczuk, Sergio Paganoni, Bernhard Tellenbach, and Timothy Trowbridge. 2016. “Detecting Obfuscated JavaScripts Using Machine Learning.” Conference paper. In ICIMP 2016 the Eleventh International Conference on Internet Monitoring and Protection : May 22-26, 2016, Valencia, Spain, 1:11–17. Red Hook: Curran Associates. https://doi.org/10.21256/zhaw-3848.
Aebersold, Simon, et al. “Detecting Obfuscated JavaScripts Using Machine Learning.” ICIMP 2016 the Eleventh International Conference on Internet Monitoring and Protection : May 22-26, 2016, Valencia, Spain, vol. 1, Curran Associates, 2016, pp. 11–17, https://doi.org/10.21256/zhaw-3848.
Alle Ressourcen in diesem Repository sind urheberrechtlich geschützt, soweit nicht anderweitig angezeigt.