A Step towards Static Script Malware Abstraction : Rewriting Obfuscated Script with Maude
Abstract
Modern web applications incorporate many programmatic frameworks and APIs that are often pushed to the client side along with most of the application logic, while contents are the result of mashing up several resources from different origins. Such applications are threatened by attackers who often attempt to inject, directly or by leveraging a stepstone website, script code that performs malicious operations. Web scripting based malware proliferation is being more and more industrialized, with the drawbacks and advantages that characterize such an approach: on one hand, we are witnessing a lot of samples that exhibit the same characteristics, which makes them easy to detect, while on the other hand, professional developers are continuously developing new attack techniques. While obfuscation is still a debated issue within the community, it becomes clear that, with new schemes being designed, this issue cannot be ignored anymore. Because many proposed countermeasures confess that they perform better on unobfuscated contents, we propose a 2-stage technique that first relieves the burden of obfuscation by emulating the deobfuscation stage before performing a static abstraction of the analyzed samples' functionalities in order to reveal their intent. We support our proposal with evidence from applying our technique to real-life examples and provide discussion on performance in terms of time, as well as possible other applications of the proposed techniques in the areas of web crawling and script classification. Additionally, we claim that such an approach can be generalized to other scripting languages similar to JavaScript.
- 2011-11-01
Authors
- Blanc Gregory, Graduate School Of Information Science Nara Institute Of Science And Technology
- Kadobayashi Youki, Graduate School Of Information Science Naist
Related papers
- Basic trust calculation to prevent spam in VoIP network based on call duration: single hop consideration (Internet Architecture)
- Basic Trust Calculation to Prevent Spam in VoIP Network based on Call Duration : Single Hop Consideration
- Performance Study and Deployment Strategies on the Sender-Initiated Multicast(Internet Technology V)
- Multi-Path Transmission Algorithm for End-to-End Seamless Handover across Heterogeneous Wireless Access Networks(Mobile Networking)(Internet Technology IV)
- Handover Management for VoWLAN Based on Estimation of AP Queue Length and Frame Retries
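- An MEG Data Analysis System Using Grid Technology (Special Issue: Construction and Operation Technologies for Next-Generation Internet/Distributed Systems)
- Distributed Scalable Multi-player Online Game Servers on Peer-to-Peer Networks (Special Issue: Distributed Processing and Networks in the New Era (Web Services and P2P))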
- A Layer-2 Extension to Hash-Based IP Traceback(New Technologies in the Internet and their Applications)
- A Layer-2 Extension to Hash-Based IP Traceback
- Improvement of Consistency among AS Policies in IRR Databases(Distributed System Operation and Management)
- Adaptive Bloom Filter : A Space-Efficient Counting Algorithm for Unpredictable Network Traffic
- A Step towards Static Script Malware Abstraction : Rewriting Obfuscated Script with Maude
- Hose Bandwidth Allocation Method to Achieve a Minimum Throughput Assurance Service for Provider Provisioned VPNs
- Distributed Scalable Multi-player Online Game Servers on Peer-to-Peer Networks
- Improvement of Consistency among AS Policies in IRR Databases