Detecting malicious JavaScript
نویسندگان
چکیده
The increased use of the World Wide Web and JavaScript as a scripting language for Web pages have made JavaScript a popular attack vector for infecting users' machines with malware. Additionally, attackers often obfuscate their code to avoid detection, which heightens the challenge and complexity of automated defense systems. We present two analyses of malicious scripts and suggest how they could be extended into intrusion detection systems. For our analyses we use a sample of deobfuscated malicious and benign scripts collected from actual Web sites. First, using our malicious sample, we perform a manual analysis of attack signatures, identifying four distinct categories of attacks. Second, we use existing research software to analyze certain function calls made by the malicious and benign scripts, and compare the resulting distributions of function calls. Then we perform a classification analysis using logistic regression to propose an approach for a host-based intrusion detection system.
منابع مشابه
Analyzing new features of infected web content in detection of malicious web pages
Recent improvements in web standards and technologies enable the attackers to hide and obfuscate infectious codes with new methods and thus escaping the security filters. In this paper, we study the application of machine learning techniques in detecting malicious web pages. In order to detect malicious web pages, we propose and analyze a novel set of features including HTML, JavaScript (jQuery...
متن کاملMalicious JavaScript Detection by Features Extraction
In recent years, JavaScript-based attacks have become one of the most common and successful types of attack. Existing techniques for detecting malicious JavaScripts could fail for different reasons. Some techniques are tailored on specific kinds of attacks, and are ineffective for others. Some other techniques require costly computational resources to be implemented. Other techniques could be c...
متن کاملIntelligent Defense against Malicious JavaScript Code
JavaScript is a popular scripting language for creating dynamic and interactive web pages. Unfortunately, JavaScript also provides the ground for web-based attacks that exploit vulnerabilities in web browsers and unnoticeably infect users with malicious software. Regular security tools, such as anti-virus scanners, increasingly fail to fend off this threat, as they are unable to cope with the r...
متن کاملAutomatic Detection for JavaScript Obfuscation Attacks in Web Pages through String Pattern Analysis
Recently, most of malicious web pages include obfuscated codes in order to circumvent the detection of signature-based detection systems .It is difficult to decide whether the sting is obfuscated because the shape of obfuscated strings are changed continuously. In this paper, we propose a novel methodology that can detect obfuscated strings in the malicious web pages. We extracted three metrics...
متن کاملRevolver: An Automated Approach to the Detection of Evasive Web-based Malware
In recent years, attacks targeting web browsers and their plugins have become a prevalent threat. Attackers deploy web pages that contain exploit code, typically written in HTML and JavaScript, and use them to compromise unsuspecting victims. Initially, static techniques, such as signature-based detection, were adequate to identify such attacks. The response from the attackers was to heavily ob...
متن کامل