Detecting Obfuscated Suspicious JavaScript Based on Information-Theoretic Measures and Novelty Detection

  • Conference paper
Information Security and Cryptology - ICISC 2015 (ICISC 2015)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 9558)

Abstract

Attackers commonly launch drive-by-download attacks by using malicious JavaScript on the Internet. In a typical case, attackers compromise legitimate websites and inject malicious JavaScript that redirects visitors to other pre-set malicious pages and infects them. To evade detectors, attackers obfuscate their malicious JavaScript so that its maliciousness is hidden. In this paper, we propose a new approach for detecting suspicious obfuscated JavaScript based on information-theoretic measures and the idea of novelty detection. Experimental results show that the new system improves on several potential weaknesses of previous systems.

Acknowledgement

A part of this work was conducted under the auspices of the MEXT Program of Promoting the Reform of National Universities, Japan.

Corresponding author

Correspondence to Jiawei Su.

Copyright information

© 2016 Springer International Publishing Switzerland

About this paper

Cite this paper

Su, J., Yoshioka, K., Shikata, J., Matsumoto, T. (2016). Detecting Obfuscated Suspicious JavaScript Based on Information-Theoretic Measures and Novelty Detection. In: Kwon, S., Yun, A. (eds) Information Security and Cryptology - ICISC 2015. ICISC 2015. Lecture Notes in Computer Science, vol 9558. Springer, Cham. https://doi.org/10.1007/978-3-319-30840-1_18

  • DOI: https://doi.org/10.1007/978-3-319-30840-1_18

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-30839-5

  • Online ISBN: 978-3-319-30840-1

  • eBook Packages: Computer Science, Computer Science (R0)
