Advertisement

Hybrid Obfuscated Javascript Strength Analysis System for Detection of Malicious Websites

  • R. Krishnaveni
  • C. Chellappan
  • R. Dhanalakshmi
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7513)

Abstract

JavaScripts are mostly used by the malicious websites to attack the client systems. To detect and prevent this, static and dynamic analysis systems are used which has problems like longer analysis time, setting up of virtual environment and prone to real attacks. Hence a new hybrid analysis system is proposed which reduces the shortcomings of the static and dynamic analysis systems. Additional features such as keywords to words ratio, average line length, presence of suspicious URLs and tags, whitespace percentage, number of redirections, and enigmatic variable names are used to measure the strength of the obfuscation. In this system performance is improved and the number of false positives and negatives are reduced. Based on the strength of obfuscation in the JavaScript code, a website is determined to be benign or malicious.

Keywords

Malicious Web Sites JavaScript Obfuscation JavaScript Extraction Hybrid Strength Analysis System 

References

  1. 1.
    Malzilla.org Rhino: JavaScript for Java, http://www.mozilla.org/rhino
  2. 2.
    Choi, Y.H., Kim, T.G., Choi, S.J.: Automatic Detection for Javascript Obfuscation Attacks in Web Pages through String Pattern Analysis. International Journal of Security and Its Applications 4(2), 13–26 (2010)Google Scholar
  3. 3.
    Lin, C.-H., Liu, J.-C., Chen, C.-R.: Access Log Generator for Analyzing Malicious Website Browsing Behaviors. In: Fifth International Conference on Information Assurance and Security (2009)Google Scholar
  4. 4.
    Ma, J., Saul, L.K., Savage, S., Voelker, G.M.: Beyond Blacklists: Learning to Detect Malicious Web Sites from Suspicious URLs. In: KDD 2009, Paris, France (2009)Google Scholar
  5. 5.
    Guan, D.J., Chen, C.-M., Luo, J.-S., Hou, Y.-T.: Malicious Web Page Detection Based on Anomaly Semantics. In: Fourth Joint Workshop on Information Security (JWIS 2009), Kaohsiung, Taiwan (2009)Google Scholar
  6. 6.
    Cova, M., Kruegel, C., Vigna, G.: Detection and Analsis of Drive-by-Download Attacks and Malicious JavaScript Code. Management of Computing and Information Systems (2010)Google Scholar
  7. 7.
    Bőscher, A., Meier, M., Benzmőller, R.: Throwing a MonkeyWrench into Web Attacks Plans. In: International Fedration for Information Processing, pp.28–39 (2010)Google Scholar
  8. 8.
    Kim, B.-I., Im, C.-T., Jung, H.-C.: Suspicious Malicious Web Site Detection with Strength Analysis of a JavaScript Obfuscation. International Journal of Advanced Science and Technology 26 (2011)Google Scholar

Copyright information

© IFIP International Federation for Information Processing 2012

Authors and Affiliations

  • R. Krishnaveni
    • 1
  • C. Chellappan
    • 1
  • R. Dhanalakshmi
    • 1
  1. 1.Department of Computer Science & EngineeringAnna UniversityChennaiIndia

Personalised recommendations