The power of obfuscation techniques in malicious JavaScript code: A measurement study
Citations Over Time: Top 10% of 2012 papers
Abstract
JavaScript-based attacks have been reported as the top Internet security threats in recent years. Since most Internet users rely on anti-virus software to protect themselves from malicious JavaScript code, attackers exploit JavaScript obfuscation techniques to evade detection by anti-virus software. To better understand the obfuscation techniques adopted by malicious JavaScript code, we conduct a measurement study. We first categorize observed JavaScript obfuscation techniques. Then we conduct a statistical analysis of the usage of different categories of obfuscation techniques in real-world malicious JavaScript samples. We also study the detection effectiveness of the 20 most popular anti-virus software products against obfuscation techniques. Based on the results, we analyze the cause of the popularity of obfuscation in malicious JavaScript code, the reason behind the choice of obfuscation techniques, and the difference between benign obfuscation and malicious obfuscation. Moreover, we provide suggestions for designing effective obfuscation detection approaches in the future.
Related Papers
- Malware Obfuscation Techniques: A Brief Survey (2010), 568 cited
- Challenge of Malware Analysis: Malware obfuscation Techniques (2018)
- Anti-Obfuscation Techniques: Recent Analysis of Malware Detection (2022), 5 cited
- DynODet: Detecting Dynamic Obfuscation in Malware (2017), 13 cited