Optimizing Away JavaScript Obfuscation
| Title | Optimizing Away JavaScript Obfuscation |
| Publication Type | Conference Paper |
| Year of Publication | 2020 |
| Authors | Herrera, Adrian |
| Conference Name | 2020 IEEE 20th International Working Conference on Source Code Analysis and Manipulation (SCAM) |
| Date Published | Oct. 2020 |
| Publisher | IEEE |
| ISBN Number | 978-1-7281-9248-2 |
| Keywords | Collaboration, Human Behavior, human factors, Internet, JavaScript, Malware, Manuals, Metrics, obfuscation, Open Source Software, Payloads, policy-based governance, pubcrawl, resilience, Resiliency, Safe Coding, static analysis, Tools |
| Abstract | JavaScript is a popular attack vector for releasing malicious payloads on unsuspecting Internet users. Authors of this malicious JavaScript often employ numerous obfuscation techniques in order to prevent the automatic detection by antivirus and hinder manual analysis by professional malware analysts. Consequently, this paper presents SAFE-DEOBS, a JavaScript deobfuscation tool that we have built. The aim of SAFE-DEOBS is to automatically deobfuscate JavaScript malware such that an analyst can more rapidly determine the malicious script's intent. This is achieved through a number of static analyses, inspired by techniques from compiler theory. We demonstrate the utility of SAFE-DEOBS through a case study on real-world JavaScript malware, and show that it is a useful addition to a malware analyst's toolset. |
| URL | https://ieeexplore.ieee.org/document/9251923 |
| DOI | 10.1109/SCAM51674.2020.00029 |
| Citation Key | herrera_optimizing_2020 |