Weaknesses in defenses against web-borne malware (short paper)

Research output: Chapter in Book/Report/Conference proceedingConference contribution

1 Scopus citations

Abstract

Web-based mechanisms, often mediated by malicious JavaScript code, play an important role in malware delivery today, making defenses against web-borne malware crucial for system security. This paper explores weaknesses in existing approaches to the detection of malicious JavaScript code. These approaches generally fall into two categories: lightweight techniques focusing on syntactic features such as string obfuscation and dynamic code generation; and heavier-weight approaches that look for deeper semantic characteristics such as the presence of shellcode-like strings or execution of exploit code. We show that each of these approaches has its weaknesses, and that state-of-the-art detectors using these techniques can be defeated using cloaking techniques that combine emulation with dynamic anti-analysis checks. Our goal is to promote a discussion in the research community focusing on robust defensive techniques rather than ad-hoc solutions.

Original languageEnglish (US)
Title of host publicationDetection of Intrusions and Malware, and Vulnerability Assessment - 10th International Conference, DIMVA 2013, Proceedings
Pages139-149
Number of pages11
DOIs
StatePublished - Aug 12 2013
Event10th Conference on Detection of Intrusions and Malware and Vulnerability Assessment, DIMVA 2013 - Berlin, Germany
Duration: Jul 18 2013Jul 19 2013

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume7967 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Other

Other10th Conference on Detection of Intrusions and Malware and Vulnerability Assessment, DIMVA 2013
CountryGermany
CityBerlin
Period7/18/137/19/13

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science(all)

Fingerprint Dive into the research topics of 'Weaknesses in defenses against web-borne malware (short paper)'. Together they form a unique fingerprint.

  • Cite this

    Lu, G., & Debray, S. (2013). Weaknesses in defenses against web-borne malware (short paper). In Detection of Intrusions and Malware, and Vulnerability Assessment - 10th International Conference, DIMVA 2013, Proceedings (pp. 139-149). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 7967 LNCS). https://doi.org/10.1007/978-3-642-39235-1_8