Author: Vrushali S. Bari
Date of Publication: 9th February 2017
Abstract: JavaScript is a scripting language. On one hand, it allows developers to create client-side interfaces for web applications. On the other hand, malicious JavaScript code infects the web user and web browser. To detect malicious activities, two methods, viz. static and dynamic detection, have been discussed in the literature. The dynamic analysis method has better capability in detecting malicious activities than the static detection method. In this paper, we present a method based on Support Vector Machine (SVM) that would identify malicious JavaScript code at the beginning itself. In addition, our proposed method supports the analysis of obfuscated code and analyzes the system offline. Further, it analyzes web pages and identifies the type of attack. However, our focus is on the Cross-Site Scripting (XSS) attack.