JSForce: A forced execution engine for malicious javascript detection
The drastic increase of JavaScript exploitation attacks has led to a strong interest in developing techniques to analyze malicious JavaScript. Existing analysis techniques fall into two general categories: static analysis and dynamic analysis. Static analysis tends to produce inaccurate results (bot...
Saved in:
Main Authors: | , , , , |
---|---|
Format: | text |
Language: | English |
Published: |
Institutional Knowledge at Singapore Management University
2017
|
Subjects: | |
Online Access: | https://ink.library.smu.edu.sg/sis_research/8172 https://ink.library.smu.edu.sg/context/sis_research/article/9175/viewcontent/1701.07860.pdf |
Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
Institution: | Singapore Management University |
Language: | English |
id |
sg-smu-ink.sis_research-9175 |
---|---|
record_format |
dspace |
spelling |
sg-smu-ink.sis_research-91752023-09-26T10:32:06Z JSForce: A forced execution engine for malicious javascript detection HU, Xunchao CHENG, Yao DUAN, Yue HENDERSON, Andrew YIN, Heng The drastic increase of JavaScript exploitation attacks has led to a strong interest in developing techniques to analyze malicious JavaScript. Existing analysis techniques fall into two general categories: static analysis and dynamic analysis. Static analysis tends to produce inaccurate results (both false positive and false negative) and is vulnerable to a wide series of obfuscation techniques. Thus, dynamic analysis is constantly gaining popularity for exposing the typical features of malicious JavaScript. However, existing dynamic analysis techniques possess limitations such as limited code coverage and incomplete environment setup, leaving a broad attack surface for evading the detection. To overcome these limitations, we present the design and implementation of a novel JavaScript forced execution engine named JSForce which drives an arbitrary JavaScript snippet to execute along different paths without any input or environment setup. We evaluate JSForce using 220,587 HTML and 23,509 PDF real-world samples. Experimental results show that by adopting our forced execution engine, the malicious JavaScript detection rate can be substantially boosted by 206.29% using same detection policy without any noticeable false positive increase. 2017-10-01T07:00:00Z text application/pdf https://ink.library.smu.edu.sg/sis_research/8172 info:doi/10.1007/978-3-319-78813-5_37 https://ink.library.smu.edu.sg/context/sis_research/article/9175/viewcontent/1701.07860.pdf http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University Analysis techniques Design and implementations Detection rates Dynamic analysis techniques Execution engine False positive and false negatives Forced execution Malicious javascript Information Security |
institution |
Singapore Management University |
building |
SMU Libraries |
continent |
Asia |
country |
Singapore Singapore |
content_provider |
SMU Libraries |
collection |
InK@SMU |
language |
English |
topic |
Analysis techniques Design and implementations Detection rates Dynamic analysis techniques Execution engine False positive and false negatives Forced execution Malicious javascript Information Security |
spellingShingle |
Analysis techniques Design and implementations Detection rates Dynamic analysis techniques Execution engine False positive and false negatives Forced execution Malicious javascript Information Security HU, Xunchao CHENG, Yao DUAN, Yue HENDERSON, Andrew YIN, Heng JSForce: A forced execution engine for malicious javascript detection |
description |
The drastic increase of JavaScript exploitation attacks has led to a strong interest in developing techniques to analyze malicious JavaScript. Existing analysis techniques fall into two general categories: static analysis and dynamic analysis. Static analysis tends to produce inaccurate results (both false positive and false negative) and is vulnerable to a wide series of obfuscation techniques. Thus, dynamic analysis is constantly gaining popularity for exposing the typical features of malicious JavaScript. However, existing dynamic analysis techniques possess limitations such as limited code coverage and incomplete environment setup, leaving a broad attack surface for evading the detection. To overcome these limitations, we present the design and implementation of a novel JavaScript forced execution engine named JSForce which drives an arbitrary JavaScript snippet to execute along different paths without any input or environment setup. We evaluate JSForce using 220,587 HTML and 23,509 PDF real-world samples. Experimental results show that by adopting our forced execution engine, the malicious JavaScript detection rate can be substantially boosted by 206.29% using same detection policy without any noticeable false positive increase. |
format |
text |
author |
HU, Xunchao CHENG, Yao DUAN, Yue HENDERSON, Andrew YIN, Heng |
author_facet |
HU, Xunchao CHENG, Yao DUAN, Yue HENDERSON, Andrew YIN, Heng |
author_sort |
HU, Xunchao |
title |
JSForce: A forced execution engine for malicious javascript detection |
title_short |
JSForce: A forced execution engine for malicious javascript detection |
title_full |
JSForce: A forced execution engine for malicious javascript detection |
title_fullStr |
JSForce: A forced execution engine for malicious javascript detection |
title_full_unstemmed |
JSForce: A forced execution engine for malicious javascript detection |
title_sort |
jsforce: a forced execution engine for malicious javascript detection |
publisher |
Institutional Knowledge at Singapore Management University |
publishDate |
2017 |
url |
https://ink.library.smu.edu.sg/sis_research/8172 https://ink.library.smu.edu.sg/context/sis_research/article/9175/viewcontent/1701.07860.pdf |
_version_ |
1779157190857195520 |