Detecting Obfuscated Suspicious JavaScript Based on Information-Theoretic Measures and Novelty Detection

Bibliographic Details
Published in Information Security and Cryptology - ICISC 2015 pp. 278 - 293
Main Authors Su, Jiawei; Yoshioka, Katsunari; Shikata, Junji; Matsumoto, Tsutomu
Format Book Chapter
Language English, Japanese
Published Cham Springer International Publishing 2016
Series Lecture Notes in Computer Science
Summary: It is common for attackers to launch famous Drive-by-download attacks by using malicious JavaScript on the Internet. In a typical case, attackers compromise legitimate websites and inject malicious JavaScript which is used to bounce the visitors to other pre-set malicious pages and infect them. In order to evade detectors, attackers obfuscate their malicious JavaScript so that the maliciousness can be hidden. In this paper, we propose a new approach for detecting suspicious obfuscated JavaScript based on information-theoretic measures and the idea of novelty detection. According to results of experiments, it can be seen the new system improves several potential weaknesses of previous systems.
ISBN: 3319308394, 9783319308395
ISSN: 0302-9743, 1611-3349
DOI: 10.1007/978-3-319-30840-1_18