Filters








739 Hits in 6.1 sec

The power of obfuscation techniques in malicious JavaScript code: A measurement study

Wei Xu, Fangfang Zhang, Sencun Zhu
2012 2012 7th International Conference on Malicious and Unwanted Software  
To better understand the obfuscation techniques adopted by malicious JavaScript code, we conduct a measurement study. We first categorize observed JavaScript obfuscation techniques.  ...  Then we conduct a statistic analysis on the usage of different categories of obfuscation techniques in real-world malicious JavaScript samples.  ...  Conclusion and Future Work In this paper, we conduct a measurement study on the usage of obfuscation techniques in malicious JavaScript code.  ... 
doi:10.1109/malware.2012.6461002 dblp:conf/malware/XuZZ12 fatcat:pv66mcpsfrgqjhmrrtqbkzeb5q

Detection of Obfuscated Malicious JavaScript Code

Ammar Alazab, Ansam Khraisat, Moutaz Alazab, Sarabjot Singh
2022 Future Internet  
We also present a new set of features, which can detect obfuscation in JavaScript.  ...  This paper proposes an automatic IDS of obfuscated JavaScript that employs several features and machine-learning techniques that effectively distinguish malicious and benign JavaScript codes.  ...  Conflicts of Interest: The authors declare that they have no conflict of interest.  ... 
doi:10.3390/fi14080217 fatcat:fzjapxqd4fct7pkubrx2eta64a

A measurement study of insecure javascript practices on the web

Chuan Yue, Haining Wang
2013 ACM Transactions on the Web  
In this article, we present the first measurement study on insecure practices of using JavaScript on the Web.  ...  from external domains into the top-level documents of their webpages; (2) over 44.4% of the measured websites use the dangerous eval() function to dynamically generate and execute JavaScript code on their  ...  ACKNOWLEDGMENTS The authors sincerely thank anonymous reviewers for their valuable suggestions and comments.  ... 
doi:10.1145/2460383.2460386 fatcat:kz7nu2bu2vgyjb4vxjptgxxp34

Intelligent Defense against Malicious JavaScript Code

Tammo Krueger, Konrad Rieck
2012 PIK - Praxis der Informationsverarbeitung und Kommunikation  
Embedded in a web proxy, Cujo transparently inspects web pages and blocks the delivery of malicious JavaScript code.  ...  A lightweight static and dynamic analysis is performed, which enables learning and detecting malicious patterns in the structure and behavior of JavaScript code.  ...  We proceed to study the ability of C to detect malicious JavaScript code in practice.  ... 
doi:10.1515/pik-2012-0009 fatcat:34pjgv35jjbfdil3uwbr6z4rwm

Intelligent Defense against Malicious JavaScript Code

Tammo Krueger, Konrad Rieck
2012 PIK - Praxis der Informationsverarbeitung und Kommunikation  
Embedded in a web proxy, Cujo transparently inspects web pages and blocks the delivery of malicious JavaScript code.  ...  A lightweight static and dynamic analysis is performed, which enables learning and detecting malicious patterns in the structure and behavior of JavaScript code.  ...  We proceed to study the ability of C to detect malicious JavaScript code in practice.  ... 
doi:10.1515/pik-2012-0009piko.2012.35.1.54 fatcat:jrfvhtbi7reeva5a3y2jc7h4qa

Leveraging WebAssembly for Numerical JavaScript Code Virtualization

Shuai Wang, Dingyi Fang, Zheng Wang, Guixin Ye, Meng Li, Lu Yuan, Zhanyong Tang, Huanting Wang, Wei Wang, Fuwei Wang, Jie Ren
2019 IEEE Access  
We evaluate JSPro on a set of numerical JavaScript algorithms widely used in many applications.  ...  This paper presents JSPro, a novel code virtualization system for JavaScript. JSPro is the first JavaScript code obfuscation tool that builds upon the emerging WebAssembly language standard.  ...  JavaScript code: A Measurement Study [34] .  ... 
doi:10.1109/access.2019.2953511 fatcat:x43duxnnr5ectfp2baefvaiie4

AMSI-Based Detection of Malicious PowerShell Code Using Contextual Embeddings [article]

Amir Rubin, Shay Kels, Danny Hendler
2019 arXiv   pre-print
In this work, we conduct the first study of malicious PowerShell code detection using the information made available by AMSI.  ...  This makes the problem of detecting malicious PowerShell code both urgent and challenging.  ...  In this work, we conduct the first study of malicious PowerShell code detection using the information made available by AMSI.  ... 
arXiv:1905.09538v2 fatcat:ppvympp3qncm7h3njvje4gjcsa

Defending Browsers against Drive-by Downloads: Mitigating Heap-Spraying Code Injection Attacks [chapter]

Manuel Egele, Peter Wurzinger, Christopher Kruegel, Engin Kirda
2009 Lecture Notes in Computer Science  
To counter drive-by downloads, we propose a technique that relies on x86 instruction emulation to identify JavaScript string buffers that contain shellcode.  ...  We have implemented a prototype of our system, and evaluated it over thousands of malicious and legitimate web sites.  ...  Call, Austria, Secure Business Austria (SBA), and the WOMBAT and FORWARD projects funded by the European Commission in the 7th Framework.  ... 
doi:10.1007/978-3-642-02918-9_6 fatcat:7scqszwyujbdphoa2bmyzqojuq

Assessment of Source Code Obfuscation Techniques

Alessio Viticchie, Leonardo Regano, Marco Torchiano, Cataldo Basile, Mariano Ceccato, Paolo Tonella, Roberto Tiella
2016 2016 IEEE 16th International Working Conference on Source Code Analysis and Manipulation (SCAM)  
While preliminary empirical studies have been conducted to determine the impact of code obfuscation, our work aims at assessing the effectiveness and efficiency in preventing attacks of a specific data  ...  Obfuscation techniques are a general category of software protections widely adopted to prevent malicious tampering of the code by making applications more difficult to understand and thus harder to modify  ...  ACKNOWLEDGEMENT The research leading to these results has received funding from the European Union Seventh Framework Programme (FP7/2007-2013) under grant agreement number 609734.  ... 
doi:10.1109/scam.2016.17 dblp:conf/scam/ViticchieRTBCTT16 fatcat:ohikixngkjdevm2zn3gkiiftzu

SCORE: Source Code Optimization & REconstruction

Jae Hyuk Suk, Young Bi Lee, Dong Hoon Lee
2020 IEEE Access  
In [33] , the resilience of obfuscated C code was measured using program slicing. By measuring the resilience, they measured the degree of resistance to automated deobfuscation tools.  ...  SCORE can quickly cope with source-level obfuscation applied in a malicious scenario. A.  ...  He is currently a Professor with the Graduate School of Information Security at Korea University.  ... 
doi:10.1109/access.2020.3008905 fatcat:zdop4dci4vbudfmd2xu5uz46vq

Vulnerability Detection in Remote Code Execution A Survey
IJARCCE - Computer and Communication Engineering

MANISH SHARMA, SHIVKUMAR SINGH TOMAR, SUBODH KUMAR
2014 IJARCCE  
Now a days Remote Code Execution (RCE) threat is in the dangerous span over the internet.  ...  So in this paper we have discussed RCE in detail with the control techniques which are suggested in the previous research as well as the future scope of betterment.  ...  Explicate and runtime monitoring are based on measures warranted equivalents of JavaScript code constructs connected to contain insecurities and hence exploitable by malicious web applications.  ... 
doi:10.17148/ijarcce.2014.31044 fatcat:kh6k2sovk5ac3e2t7lmlcyn23m

o-glasses: Visualizing x86 Code from Binary Using a 1d-CNN [article]

Yuhei Otsubo and Akira Otsuka and Mamoru Mimura and Takeshi Sakaki and Atsuhiro Goto
2018 arXiv   pre-print
, such as, a decoder for the obfuscated body of the shellcode.  ...  Malicious document files used in targeted attacks often contain a small program called shellcode.  ...  The method focuses only on JavaScript in PDF files. Hence, the method does not work well when the exploit code is not written in JavaScript.  ... 
arXiv:1806.05328v1 fatcat:s3tjfibkfjck7ltpgm3hghybcy

A large study on the effect of code obfuscation on the quality of java code

Mariano Ceccato, Andrea Capiluppi, Paolo Falcarin, Cornelia Boldyreff
2014 Empirical Software Engineering  
Method: In this study we applied 44 obfuscations to 18 subject applications covering a total of 4 millions lines of code.  ...  Context: Obfuscation is a common technique used to protect software against malicious reverse engineering.  ...  Acknowledgements The authors would like to thank Marco Torchiano for the interesting discussion on the analysis procedure and the Zelix Klassmaster TM developers for the full evaluation copy of their tool  ... 
doi:10.1007/s10664-014-9321-0 fatcat:yhobczotxvd3rnyftctrd557qi

Detecting Obfuscated JavaScript Malware Using Sequences of Internal Function Calls

Alireza Gorji, Mahdi Abadi
2014 Proceedings of the 2014 ACM Southeast Regional Conference on - ACM SE '14  
Obfuscated JavaScript malware can easily evade signature-based detection by changing the appearance of JavaScript code.  ...  Because nowadays benign JavaScript code is often obfuscated, static analysis techniques generate many false alarms.  ...  OBFUSCATION TECHNIQUES Obfuscation techniques are heavily used in JavaScript malware to evade the detection of malware protection systems and to hide their malicious intent.  ... 
doi:10.1145/2638404.2737181 dblp:conf/ACMse/GorjiA14 fatcat:fgezuo3uizcsfnd7s2uuvg2tmm

Source Code Authorship Identification Using Deep Neural Networks

Anna Kurtukova, Aleksandr Romanov, Alexander Shelupanov
2020 Symmetry  
cases of determining the authorship of the code and for those complicated by obfuscation and using of coding standards.  ...  The possibility of accidental or deliberate use of someone else's source code as a closed functionality in another project (even a commercial) is not excluded.  ...  Conflicts of Interest: The authors declare no conflict of interest. Symmetry 2020, 12, 2044  ... 
doi:10.3390/sym12122044 fatcat:f7fiv53qrbbnpe74tmwupair3e
« Previous Showing results 1 — 15 out of 739 results