Proceedings of the 5th ACM Workshop on Security and Artificial Intelligence 2012
DOI: 10.1145/2381896.2381901
|View full text |Cite
|
Sign up to set email alerts
|

Early detection of malicious behavior in JavaScript code

Abstract: Malicious JavaScript code is widely used for exploiting vulnerabilities in web browsers and infecting users with malicious software. Static detection methods fail to protect from this threat, as they are unable to cope with the complexity and dynamics of interpreted code. In contrast, the dynamic analysis of JavaScript code at run-time has proven to be effective in identifying malicious behavior. During the execution of the code, however, damage may already take place and thus an early detection is critical fo… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
2
1

Citation Types

0
19
0

Year Published

2015
2015
2024
2024

Publication Types

Select...
3
3
2

Relationship

0
8

Authors

Journals

citations
Cited by 26 publications
(19 citation statements)
references
References 17 publications
0
19
0
Order By: Relevance
“…Unfortunately, JavaScript's code provides a strong base for conducting attacks, especially drive-by-download attacks, which unnoticeably attack clients amid the visit of a web page. In contrast to different sorts of network-based attacks, malicious JavaScripts are difficult to detect [4]. JavaScript attacks are performed by looking into the vulnerability and exploiting by using JavaScript obfuscation techniques to evade the detection.…”
Section: Introductionmentioning
confidence: 99%
“…Unfortunately, JavaScript's code provides a strong base for conducting attacks, especially drive-by-download attacks, which unnoticeably attack clients amid the visit of a web page. In contrast to different sorts of network-based attacks, malicious JavaScripts are difficult to detect [4]. JavaScript attacks are performed by looking into the vulnerability and exploiting by using JavaScript obfuscation techniques to evade the detection.…”
Section: Introductionmentioning
confidence: 99%
“…Our proposed system uses an LSTM neural model for the language model instead of the n-gram model proposed by Shah [33]. Other papers which investigate the detection of malicious JavaScript include [26], [32], [35], [38], [39].…”
Section: Related Workmentioning
confidence: 99%
“…Luckily, Rieck et al already introduced notation to describe q-grams in Cujo [38]. The same q-gram representation and set of features were later used by Early-Bird by Schutt et al [40]. Thus, we will use the same notation used by EarlyBird and Cujo to show the bag of words and q-grams approach.…”
Section: Feature Selectionmentioning
confidence: 99%
“…We must clarify that even though Cujo [38] and EarlyBird [40] use the same q-gram representation, our approach uses a dierent set of features oriented to resource-related APIs. More details on similarities and dierences are discussed in Section 5.…”
Section: Feature Selectionmentioning
confidence: 99%
See 1 more Smart Citation