Automatic simplification of obfuscated JavaScript code

Gen Lu, Kevin Coogan, Saumya K Debray

Research output: Chapter in Book/Report/Conference proceedingConference contribution

3 Citations (Scopus)

Abstract

Javascript is a scripting language that is commonly used to create sophisticated interactive client-side web applications. It can also be used to carry out browser-based attacks on users. Malicious JavaScript code is usually highly obfuscated, making detection a challenge. This paper describes a simple approach to deobfuscation of JavaScript code based on dynamic analysis and slicing. Experiments using a prototype implementation indicate that our approach is able to penetrate multiple layers of complex obfuscations and extract the core logic of the computation.

Original languageEnglish (US)
Title of host publicationCommunications in Computer and Information Science
Pages348-359
Number of pages12
Volume285 CCIS
DOIs
StatePublished - 2012
Event6th International Conference on Information Systems, Management and Technology, ICISTM 2012 - Grenoble, France
Duration: Mar 28 2012Mar 30 2012

Publication series

NameCommunications in Computer and Information Science
Volume285 CCIS
ISSN (Print)18650929

Other

Other6th International Conference on Information Systems, Management and Technology, ICISTM 2012
CountryFrance
CityGrenoble
Period3/28/123/30/12

Fingerprint

Dynamic analysis
Experiments

ASJC Scopus subject areas

  • Computer Science(all)

Cite this

Lu, G., Coogan, K., & Debray, S. K. (2012). Automatic simplification of obfuscated JavaScript code. In Communications in Computer and Information Science (Vol. 285 CCIS, pp. 348-359). (Communications in Computer and Information Science; Vol. 285 CCIS). https://doi.org/10.1007/978-3-642-29166-1_31

Automatic simplification of obfuscated JavaScript code. / Lu, Gen; Coogan, Kevin; Debray, Saumya K.

Communications in Computer and Information Science. Vol. 285 CCIS 2012. p. 348-359 (Communications in Computer and Information Science; Vol. 285 CCIS).

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Lu, G, Coogan, K & Debray, SK 2012, Automatic simplification of obfuscated JavaScript code. in Communications in Computer and Information Science. vol. 285 CCIS, Communications in Computer and Information Science, vol. 285 CCIS, pp. 348-359, 6th International Conference on Information Systems, Management and Technology, ICISTM 2012, Grenoble, France, 3/28/12. https://doi.org/10.1007/978-3-642-29166-1_31
Lu G, Coogan K, Debray SK. Automatic simplification of obfuscated JavaScript code. In Communications in Computer and Information Science. Vol. 285 CCIS. 2012. p. 348-359. (Communications in Computer and Information Science). https://doi.org/10.1007/978-3-642-29166-1_31
Lu, Gen ; Coogan, Kevin ; Debray, Saumya K. / Automatic simplification of obfuscated JavaScript code. Communications in Computer and Information Science. Vol. 285 CCIS 2012. pp. 348-359 (Communications in Computer and Information Science).
@inproceedings{633294ae26ee444bb1caf0138097233f,
title = "Automatic simplification of obfuscated JavaScript code",
abstract = "Javascript is a scripting language that is commonly used to create sophisticated interactive client-side web applications. It can also be used to carry out browser-based attacks on users. Malicious JavaScript code is usually highly obfuscated, making detection a challenge. This paper describes a simple approach to deobfuscation of JavaScript code based on dynamic analysis and slicing. Experiments using a prototype implementation indicate that our approach is able to penetrate multiple layers of complex obfuscations and extract the core logic of the computation.",
author = "Gen Lu and Kevin Coogan and Debray, {Saumya K}",
year = "2012",
doi = "10.1007/978-3-642-29166-1_31",
language = "English (US)",
isbn = "9783642291654",
volume = "285 CCIS",
series = "Communications in Computer and Information Science",
pages = "348--359",
booktitle = "Communications in Computer and Information Science",

}

TY - GEN

T1 - Automatic simplification of obfuscated JavaScript code

AU - Lu, Gen

AU - Coogan, Kevin

AU - Debray, Saumya K

PY - 2012

Y1 - 2012

N2 - Javascript is a scripting language that is commonly used to create sophisticated interactive client-side web applications. It can also be used to carry out browser-based attacks on users. Malicious JavaScript code is usually highly obfuscated, making detection a challenge. This paper describes a simple approach to deobfuscation of JavaScript code based on dynamic analysis and slicing. Experiments using a prototype implementation indicate that our approach is able to penetrate multiple layers of complex obfuscations and extract the core logic of the computation.

AB - Javascript is a scripting language that is commonly used to create sophisticated interactive client-side web applications. It can also be used to carry out browser-based attacks on users. Malicious JavaScript code is usually highly obfuscated, making detection a challenge. This paper describes a simple approach to deobfuscation of JavaScript code based on dynamic analysis and slicing. Experiments using a prototype implementation indicate that our approach is able to penetrate multiple layers of complex obfuscations and extract the core logic of the computation.

UR - http://www.scopus.com/inward/record.url?scp=84861117546&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84861117546&partnerID=8YFLogxK

U2 - 10.1007/978-3-642-29166-1_31

DO - 10.1007/978-3-642-29166-1_31

M3 - Conference contribution

SN - 9783642291654

VL - 285 CCIS

T3 - Communications in Computer and Information Science

SP - 348

EP - 359

BT - Communications in Computer and Information Science

ER -