Comment
Author: Admin | 2025-04-28
Example, cross- known about how real-world websites use such code transforma- site scripting attacks try to inject malicious JavaScript code into tions. This paper presents an empirical study of obfuscation and websites [14, 17, 28]. Other attacks aim at compromising the under- minification in 967,149 scripts (424,023 unique) from the top 100,000 lying browser [6, 7] or extensions installed in a browser [11, 12], or websites. The core of our study is a highly accurate (95%-100%) they abuse particular web APIs [19, 26, 30]. neural network-based classifier that we train to identify whether An effective way to hide the maliciousness of JavaScript code are obfuscation or minification have been applied and if yes, using code transformations that preserve the overall behavior of a script what tools. We find that code transformations are very widespread, while making it harder to understand and analyze. [Show full text] Statically Detecting Javascript Obfuscation and Minification Techniques in the Wild Statically Detecting JavaScript Obfuscation and Minification Techniques in the Wild Marvin Moog∗y, Markus Demmel∗, Michael Backesy, and Aurore Fassy ∗Saarland University yCISPA Helmholtz Center for Information Security: fbackes, [email protected] Abstract—JavaScript is both a popular client-side program- inherently different objectives, these transformations leave ming language and an attack vector. While malware developers different traces in the source code syntax. In particular, transform their JavaScript code to hide its malicious intent the Abstract Syntax Tree (AST) represents the nesting of and impede detection, well-intentioned developers also transform their code to, e.g., optimize website performance. In this paper, programming constructs. Therefore, regular (meaning non- we conduct an in-depth study of code transformations in the transformed) JavaScript has a different AST than transformed wild. Specifically, we perform a static analysis of JavaScript files code. Specifically, previous studies leveraged differences in to build their Abstract Syntax Tree (AST), which we extend with the AST to distinguish benign from malicious JavaScript [5], control and data flows. Subsequently, we define two classifiers, [9], [14], [15]. Still, they did not discuss if their detectors benefitting from AST-based features, to detect transformed sam- ples along with specific transformation techniques. confounded transformations with maliciousness or why they Besides malicious samples, we find that transforming code did not. In particular, there are legitimate reasons for well- is increasingly popular on Node.js libraries and client-side intentioned developers to transform their code (e.g., perfor- JavaScript, with, e.g., 90% of Alexa Top 10k websites containing mance improvement), meaning that code transformations are a transformed script. [Show full text] Interactive Computer Vision Through the Web En vue de l'obtention du DOCTORAT DE L'UNIVERSITÉ DE TOULOUSE Délivré par : Institut National Polytechnique de Toulouse (Toulouse INP) Discipline ou spécialité : Informatique et Télécommunication Présentée et soutenue par : M. MATTHIEU PIZENBERG le vendredi 28 février 2020 Titre : Interactive Computer Vision through the Web Ecole doctorale : Mathématiques, Informatique, Télécommunications de Toulouse (MITT) Unité de recherche : Institut de Recherche en Informatique de Toulouse ( IRIT) Directeur(s) de Thèse : M. VINCENT CHARVILLAT M. AXEL CARLIER Rapporteurs : M. MATHIAS
Add Comment