Please use this identifier to cite or link to this item: https://doi.org/10.21256/zhaw-3848
Title: Detecting obfuscated JavaScripts using machine learning
Authors : Aebersold, Simon
Kryszczuk, Krzysztof
Paganoni, Sergio
Tellenbach, Bernhard
Trowbridge, Timothy
Proceedings: ICIMP 2016 the Eleventh International Conference on Internet Monitoring and Protection : May 22-26, 2016, Valencia, Spain
Volume(Issue) : 1
Pages : 11
Pages to: 17
Conference details: ICIMP 2016 the Eleventh International Conference on Internet Monitoring and Protection, Valencia, May 22-26, 2016
Publisher / Ed. Institution : Curran Associates
Publisher / Ed. Institution: Red Hook
Issue Date: May-2016
License (according to publishing contract) : Not specified
Type of review: Peer review (Publication)
Language : English
Subjects : Obfuscated JavaScript; Detection; Malicious JavaScript; Machine learning
Subject (DDC) : 004: Computer science
Abstract: JavaScript is a common attack vector for attacking browsers, browser plug-ins, email clients and other JavaScript enabled applications. Malicious JavaScripts redirect victims to exploit kits, probe for known vulnerabilities to select a fitting exploit or manipulate the Document Object Model (DOM) of a web page in a harmful way. Malicious JavaScript code is often obfuscated in order to make it hard to detect using signature-based approaches. Since the only other reason to use obfuscation is to protect intellectual property, the share of scripts which are both benign and obfuscated is quite low, and could easily be captured with a whitelist. A detector that can reliably detect obfuscated JavaScripts would therefore be a valuable tool in fighting malicious JavaScripts. In this paper, we present a method for automatic detection of obfuscated JavaScript using a machine-learning approach. Using a dataset of regular, minified and obfuscated samples from a content delivery network and the Alexa top 500 websites, we show that it is possible to distinguish between obfuscated and non-obfuscated scripts with precision and recall around 99%. We also introduce a novel set of features, which help detect obfuscation in JavaScripts. Our results presented here shed additional light on the problem of distinguishing between malicious and benign scripts.
Department: School of Engineering
Organisational Unit: Institute of Applied Information Technology (InIT)
Publication type: Conference Paper
DOI : 10.21256/zhaw-3848
ISBN: 978-1-61208-475-6
ISSN: 2308-3980
URI: https://www.thinkmind.org/index.php?view=article&articleid=icimp_2016_1_20_30023
https://digitalcollection.zhaw.ch/handle/11475/7717
Appears in Collections: Publikationen School of Engineering

Files in This Item:
File: sec_v9_n34_2016_10.pdf
Size: 324.04 kB
Format: Adobe PDF