J-Force: Forced Execution on JavaScript
نویسندگان
چکیده
Web-based malware equipped with stealthy cloaking and obfuscation techniques is becoming more sophisticated nowadays. In this paper, we propose J-FORCE, a crash-free forced JavaScript execution engine to systematically explore possible execution paths and reveal malicious behaviors in such malware. In particular, JFORCE records branch outcomes and mutates them for further explorations. J-FORCE inspects function parameter values that may reveal malicious intentions and expose suspicious DOM injections. We addressed a number of technical challenges encountered. For instance, we keep track of missing objects and DOM elements, and create them on demand. To verify the efficacy of our techniques, we apply J-FORCE to detect Exploit Kit (EK) attacks and malicious Chrome extensions. We observe that J-FORCE is more effective compared to the existing tools.
منابع مشابه
JSForce: A Forced Execution Engine for Malicious JavaScript Detection
The drastic increase of JavaScript exploitation attacks has led to a strong interest in developing techniques to enable malicious JavaScript analysis. Existing analysis techniques fall into two general categories: static analysis and dynamic analysis. Static analysis tends to produce inaccurate results (both false positive and false negative) and is vulnerable to a wide series of obfuscation te...
متن کاملCapataz: a framework for distributing algorithms via the World Wide Web
In recent years, some scientists have embraced the distributed computing paradigm. As experiments and simulations demand ever more computing power, coordinating the efforts of many different processors is often the only reasonable resort. We developed an open-source distributed computing framework based on web technologies, and named it Capataz. Acting as an HTTP server, web browsers running on...
متن کاملValidating JavaScript Guidelines across Multiple Web Browsers
Nowadays, JavaScript is the language for developing dynamic websites. Previously, several guidelines were published about how to write efficient JavaScript code. Our research focuses on whether programmers should still adhere to these guidelines or can they rely on the state-of-the-art JavaScript execution engines to achieve good performance results. In this paper, we present the experiments wh...
متن کاملAn Execution-flow Based Method for Detecting Cross-Site Scripting of Ajax Applications
We present an execution-flow analysis for JavaScript programs running in a web browser to prevent Cross-site Scripting (XSS) attacks. We construct finite-state automata (FSA) to model the client-side behavior of Ajax applications under normal execution. Our system is deployed in proxy mode. The proxy analyzes the execution flow of client-side JavaScript before the requested web pages arrive at ...
متن کاملAutomatic Unit Test Generation and Execution for JavaScript Program through Symbolic Execution
JavaScript is expected to be a programming language of even wider use, considering demands for more interactive web/mobile applications. While reliability of JavaScript code will be of more importance, testing techniques for the language remain insufficient compared to other languages. We propose a technique to automatically generate high-coverage unit tests for JavaScript code. The technique m...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2017