An Efficient Method for Detecting Obfuscated Suspicious JavaScript Based on Text Pattern Analysis
Title | An Efficient Method for Detecting Obfuscated Suspicious JavaScript Based on Text Pattern Analysis |
Publication Type | Conference Paper |
Year of Publication | 2016 |
Authors | Su, Jiawei; Yoshioka, Katsunari; Shikata, Junji; Matsumoto, Tsutomu |
Conference Name | Proceedings of the 2016 ACM International on Workshop on Traffic Measurements for Cybersecurity |
Publisher | ACM |
Conference Location | New York, NY, USA |
ISBN Number | 978-1-4503-4284-1 |
Keywords | Human Behavior, information-theoretic measures, Metrics, natural language processing, obfuscated javascript, pubcrawl, Resiliency, text pattern analysis |
Abstract | Malicious JavaScript is a common springboard for attackers to launch several types of network attacks, such as Drive-by-Download and malicious PDF delivery attacks. In order to elude detection by signature matching, malicious JavaScript is often packed (so-called "obfuscation") with diversified algorithms; therefore, the occurrence of obfuscation is always a good pointer for potential maliciousness. In this investigation, we propose a lightweight approach for quickly filtering obfuscated JavaScript by a novel method of tokenizing JavaScript text at letter level and information-theoretic measures, based on the previous work in the domain of detecting obfuscated malicious code as well as the pattern analysis of natural languages. The new approach is apparently time efficient compared to existing systems since it processes far fewer objects, while it is also proved to be able to reach acceptable detection accuracies. |
URL | http://doi.acm.org/10.1145/2903185.2903189 |
DOI | 10.1145/2903185.2903189 |
Citation Key | su_efficient_2016 |