A Step towards Static Script Malware Abstraction: Rewriting Obfuscated Script with Maude




    • BLANC Gregory
    • Graduate School of Information Science, Nara Institute of Science and Technology


Modern web applications incorporate many programmatic frameworks and APIs that are often pushed to the client side along with most of the application logic, while content is the result of mashing up several resources from different origins. Such applications are threatened by attackers who often attempt to inject, directly or by leveraging a stepping-stone website, script code that performs malicious operations. The proliferation of web-scripting-based malware is becoming more and more industrialized, with the drawbacks and advantages that characterize such an approach: on one hand, we are witnessing many samples that exhibit the same characteristics, which makes them easy to detect, while on the other hand, professional developers are continuously developing new attack techniques. While obfuscation is still a debated issue within the community, it is becoming clear that, with new schemes being designed, this issue cannot be ignored anymore. Because many proposed countermeasures acknowledge that they perform better on unobfuscated content, we propose a 2-stage technique that first relieves the burden of obfuscation by emulating the deobfuscation stage before performing a static abstraction of the analyzed sample's functionalities in order to reveal its intent. We support our proposal with evidence from applying our technique to real-life examples and discuss performance in terms of time, as well as other possible applications of the proposed techniques in the areas of web crawling and script classification. Additionally, we claim that such an approach can be generalized to other scripting languages similar to JavaScript.


  • IEICE transactions on information and systems

    IEICE transactions on information and systems 94(11), 2159-2166, 2011-11-01

    The Institute of Electronics, Information and Communication Engineers



  • Text language code
  • Material type
  • ISSN
  • Data provider
    CJP bibliography  J-STAGE