Detecting malicious JavaScript

DSpace/Manakin Repository

Detecting malicious JavaScript

Show full item record

Title: Detecting malicious JavaScript
Author: Der, Matthew
Abstract: The increased use of the World Wide Web and JavaScript as a scripting language for Web pages have made JavaScript a popular attack vector for infecting users' machines with malware. Additionally, attackers often obfuscate their code to avoid detection, which heightens the challenge and complexity of automated defense systems. We present two analyses of malicious scripts and suggest how they could be extended into intrusion detection systems. For our analyses we use a sample of deobfuscated malicious and benign scripts collected from actual Web sites. First, using our malicious sample, we perform a manual analysis of attack signatures, identifying four distinct categories of attacks. Second, we use existing research software to analyze certain function calls made by the malicious and benign scripts, and compare the resulting distributions of function calls. Then we perform a classification analysis using logistic regression to propose an approach for a host-based intrusion detection system.
Date: 2010-04-28

Files in this item

Files Size Format View
10MCS-DerMatthew.pdf 814.4Kb PDF View/Open

The following license files are associated with this item:

This item appears in the following Collection(s)

Show full item record

Search DSpace

Advanced Search


My Account