Weaknesses in defenses against web-borne malware (short paper)

Research output: Chapter in Book/Report/Conference proceeding: Conference contribution

1 Citation (Scopus)

Abstract

Web-based mechanisms, often mediated by malicious JavaScript code, play an important role in malware delivery today, making defenses against web-borne malware crucial for system security. This paper explores weaknesses in existing approaches to the detection of malicious JavaScript code. These approaches generally fall into two categories: lightweight techniques focusing on syntactic features such as string obfuscation and dynamic code generation; and heavier-weight approaches that look for deeper semantic characteristics such as the presence of shellcode-like strings or execution of exploit code. We show that each of these approaches has its weaknesses, and that state-of-the-art detectors using these techniques can be defeated using cloaking techniques that combine emulation with dynamic anti-analysis checks. Our goal is to promote a discussion in the research community focusing on robust defensive techniques rather than ad-hoc solutions.

Original language: English (US)
Title of host publication: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Pages: 139-149
Number of pages: 11
Volume: 7967 LNCS
DOI: https://doi.org/10.1007/978-3-642-39235-1_8
State: Published - 2013
Event: 10th Conference on Detection of Intrusions and Malware and Vulnerability Assessment, DIMVA 2013 - Berlin, Germany
Duration: Jul 18 2013 to Jul 19 2013

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 7967 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Other

Other: 10th Conference on Detection of Intrusions and Malware and Vulnerability Assessment, DIMVA 2013
Country: Germany
City: Berlin
Period: 7/18/13 to 7/19/13

Fingerprint

Malware, JavaScript, Syntactics, Security systems, Strings, Semantics, Detectors, Obfuscation, Code generation, Emulation, Web-based

ASJC Scopus subject areas

  • Computer Science (all)
  • Theoretical Computer Science

Cite this

Lu, G., & Debray, S. K. (2013). Weaknesses in defenses against web-borne malware (short paper). In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 7967 LNCS, pp. 139-149). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 7967 LNCS). https://doi.org/10.1007/978-3-642-39235-1_8

@inproceedings{72502a29e4874b62b057afcc3607a976,
  title     = "Weaknesses in defenses against web-borne malware (short paper)",
  abstract  = "Web-based mechanisms, often mediated by malicious JavaScript code, play an important role in malware delivery today, making defenses against web-borne malware crucial for system security. This paper explores weaknesses in existing approaches to the detection of malicious JavaScript code. These approaches generally fall into two categories: lightweight techniques focusing on syntactic features such as string obfuscation and dynamic code generation; and heavier-weight approaches that look for deeper semantic characteristics such as the presence of shellcode-like strings or execution of exploit code. We show that each of these approaches has its weaknesses, and that state-of-the-art detectors using these techniques can be defeated using cloaking techniques that combine emulation with dynamic anti-analysis checks. Our goal is to promote a discussion in the research community focusing on robust defensive techniques rather than ad-hoc solutions.",
  author    = "Gen Lu and Debray, {Saumya K}",
  year      = "2013",
  doi       = "10.1007/978-3-642-39235-1_8",
  language  = "English (US)",
  isbn      = "9783642392344",
  volume    = "7967 LNCS",
  series    = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
  pages     = "139--149",
  booktitle = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
}
