| Presentation | 2016-03-04 A fast detecting method for obfuscated malicious JavaScript based on text pattern analysis Jiawei Su, Katsunari Yoshioka, Junji Shikata, Tsutomu Matsumoto, |
|---|---|
| PDF Download Page |  PDF download Page Link |
| Abstract(in Japanese) | (See Japanese page) |
| Abstract(in English) | The malicious JavaScript is a common springboard for attackers to launch several types of network attacks, such as Drive-by-Download and malicious PDF delivery attacks. In order to elude detection of signature matching, malicious JavaScript is always packed (so-called “obfuscation”) with diversified algorithms therefore the occurrence of obfuscation is always a good pointer for potential maliciousness. In this investigation, we propose a light – weight approach for quickly filtering obfuscated JavaScript based on a novel approach of tokenizing JavaScript text at letter level and information-theoretic measure, based on the previous work in the domain of detecting obfuscated malicious code as well as the pattern analysis of natural languages. The new approach is obviously time efficient compared to existing systems since it processes much less objects while we also proved that the approach could also reach the acceptable detection accuracies. |
| Keyword(in Japanese) | (See Japanese page) |
| Keyword(in English) | Text ClassificationObfuscated JavaScriptInformation theoretic measuresfeature selectionnovelty detection |
| Paper # | ICSS2015-58 |
| Date of Issue | 2016-02-25 (ICSS) |
| Conference Information | |
| Committee | ICSS / IPSJ-SPT |
|---|---|
| Conference Date | 2016/3/3(2days) |
| Place (in Japanese) | (See Japanese page) |
| Place (in English) | Academic Center for Computing and Media Studies, Kyoto University |
| Topics (in Japanese) | (See Japanese page) |
| Topics (in English) | Information and Communication System Security, etc. |
| Chair | Yutaka Miyake(KDDI R&D Labs.) |
| Vice Chair | Takashi Nishide(Univ. of Tsukuba) / Yoshiaki Shiraishi(Kobe Univ.) |
| Secretary | Takashi Nishide(Mitsubishi Electric) / Yoshiaki Shiraishi(NII) |
| Assistant | Katsunari Yoshioka(Yokohama National Univ.) / Kazunori Kamiya(NTT) |
| Paper Information | |
| Registration To | Technical Committee on Information and Communication System Security / Special Interest Group on Security Psychology and Trust |
|---|---|
| Language | ENG |
| Title (in Japanese) | (See Japanese page) |
| Sub Title (in Japanese) | (See Japanese page) |
| Title (in English) | A fast detecting method for obfuscated malicious JavaScript based on text pattern analysis |
| Sub Title (in English) | |
| Keyword(1) | Text ClassificationObfuscated JavaScriptInformation theoretic measuresfeature selectionnovelty detection |
| 1st Author's Name | Jiawei Su |
| 1st Author's Affiliation | Yokohama National University(YNU) |
| 2nd Author's Name | Katsunari Yoshioka |
| 2nd Author's Affiliation | Yokohama National University(YNU) |
| 3rd Author's Name | Junji Shikata |
| 3rd Author's Affiliation | Yokohama National University(YNU) |
| 4th Author's Name | Tsutomu Matsumoto |
| 4th Author's Affiliation | Yokohama National University(YNU) |
| Date | 2016-03-04 |
| Paper # | ICSS2015-58 |
| Volume (vol) | vol.115 |
| Number (no) | ICSS-488 |
| Page | pp.pp.65-70(ICSS), |
| #Pages | 6 |
| Date of Issue | 2016-02-25 (ICSS) |