Please use this identifier to cite or link to this item:
https://doi.org/10.21256/zhaw-3848| Publication type: | Conference paper |
| Type of review: | Peer review (publication) |
| Title: | Detecting obfuscated JavaScripts using machine learning |
| Authors: | Aebersold, Simon Kryszczuk, Krzysztof Paganoni, Sergio Tellenbach, Bernhard Trowbridge, Timothy |
| DOI: | 10.21256/zhaw-3848 |
| Proceedings: | ICIMP 2016 the Eleventh International Conference on Internet Monitoring and Protection : May 22-26, 2016, Valencia, Spain |
| Volume(Issue): | 1 |
| Page(s): | 11 |
| Pages to: | 17 |
| Conference details: | ICIMP 2016 the Eleventh International Conference on Internet Monitoring and Protection, Valencia, Spain, 22-26 May 2016 |
| Issue Date: | 2016 |
| Publisher / Ed. Institution: | Curran Associates |
| Publisher / Ed. Institution: | Red Hook |
| ISBN: | 978-1-61208-475-6 |
| ISSN: | 2308-3980 |
| Language: | English |
| Subjects: | Obfuscated JavaScript; Detection; Malicious JavaScript; Machine learning |
| Subject (DDC): | 006: Special computer methods |
| Abstract: | JavaScript is a common attack vector for attacking browsers, browser plug-ins, email clients and other JavaScript enabled applications. Malicious JavaScripts redirect victims to exploit kits, probe for known vulnerabilities to select a fitting exploit or manipulate the Document Object Model (DOM) of a web page in a harmful way. Malicious JavaScript code is often obfuscated in order to make it hard to detect using signature-based approaches. Since the only other reason to use obfuscation is to protect intellectual property, the share of scripts which are both benign and obfuscated is quite low, and could easily be captured with a whitelist. A detector that can reliably detect obfuscated JavaScripts would therefore be a valuable tool in fighting malicious JavaScripts. In this paper, we present a method for automatic detection of obfuscated JavaScript using a machine-learning approach. Using a dataset of regular, minified and obfuscated samples from a content delivery network and the Alexa top 500 websites, we show that it is possible to distinguish between obfuscated and non-obfuscated scripts with precision and recall around 99%. We also introduce a novel set of features, which help detect obfuscation in JavaScripts. Our results presented here shed additional light on the problem of distinguishing between malicious and benign scripts. |
| URI: | https://www.thinkmind.org/index.php?view=article&articleid=icimp_2016_1_20_30023 https://digitalcollection.zhaw.ch/handle/11475/7717 |
| Fulltext version: | Published version |
| License (according to publishing contract): | Not specified |
| Departement: | School of Engineering |
| Organisational Unit: | Institute of Computer Science (InIT) |
| Appears in collections: | Publikationen School of Engineering |
Files in This Item:
| File | Description | Size | Format | |
|---|---|---|---|---|
| sec_v9_n34_2016_10.pdf | 324.04 kB | Adobe PDF |  View/Open |
Show full item record
Aebersold, S., Kryszczuk, K., Paganoni, S., Tellenbach, B., & Trowbridge, T. (2016). Detecting obfuscated JavaScripts using machine learning [Conference paper]. ICIMP 2016 the Eleventh International Conference on Internet Monitoring and Protection : May 22-26, 2016, Valencia, Spain, 1, 11–17. https://doi.org/10.21256/zhaw-3848
Aebersold, S. et al. (2016) ‘Detecting obfuscated JavaScripts using machine learning’, in ICIMP 2016 the Eleventh International Conference on Internet Monitoring and Protection : May 22-26, 2016, Valencia, Spain. Red Hook: Curran Associates, pp. 11–17. Available at: https://doi.org/10.21256/zhaw-3848.
S. Aebersold, K. Kryszczuk, S. Paganoni, B. Tellenbach, and T. Trowbridge, “Detecting obfuscated JavaScripts using machine learning,” in ICIMP 2016 the Eleventh International Conference on Internet Monitoring and Protection : May 22-26, 2016, Valencia, Spain, 2016, vol. 1, pp. 11–17. doi: 10.21256/zhaw-3848.
AEBERSOLD, Simon, Krzysztof KRYSZCZUK, Sergio PAGANONI, Bernhard TELLENBACH und Timothy TROWBRIDGE, 2016. Detecting obfuscated JavaScripts using machine learning. In: ICIMP 2016 the Eleventh International Conference on Internet Monitoring and Protection : May 22-26, 2016, Valencia, Spain [online]. Conference paper. Red Hook: Curran Associates. 2016. S. 11–17. ISBN 978-1-61208-475-6. Verfügbar unter: https://www.thinkmind.org/index.php?view=article&articleid=icimp_2016_1_20_30023
Aebersold, Simon, Krzysztof Kryszczuk, Sergio Paganoni, Bernhard Tellenbach, and Timothy Trowbridge. 2016. “Detecting Obfuscated JavaScripts Using Machine Learning.” Conference paper. In ICIMP 2016 the Eleventh International Conference on Internet Monitoring and Protection : May 22-26, 2016, Valencia, Spain, 1:11–17. Red Hook: Curran Associates. https://doi.org/10.21256/zhaw-3848.
Aebersold, Simon, et al. “Detecting Obfuscated JavaScripts Using Machine Learning.” ICIMP 2016 the Eleventh International Conference on Internet Monitoring and Protection : May 22-26, 2016, Valencia, Spain, vol. 1, Curran Associates, 2016, pp. 11–17, https://doi.org/10.21256/zhaw-3848.
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.