Obfuscated Malicious Script Response Technique Deployed at Host Level


  • Sang-Hwan Oh Korea Internet & Security Agency, Seoul, Korea.
  • Jong-Hun Jung Korea Internet & Security Agency, Seoul, Korea.
  • Hwan-Kuk Kim Korea Internet & Security Agency, Seoul, Korea.


Script-based CyberAttack, Web Security, Obfuscated Malicious Script,


JavaScript functions have been remarkably enhanced thanks to the emergence of the next generation web standard HTML5 presented by W3C. HTML5 provides powerful functions that could replace non-standard technologies such as Active X by providing functions such as media play, 3-D graphic processing and Web socket communications using JavaScript only without the installation of separate plugins. Along with these trends in the ICT environment, many studies have been done related to threats exploiting JavaScript, which comprises a core of HTML5 functions. There are, however, many limitations in detecting obfuscated malicious scripts since most detection techniques use signature-based pattern matching. This paper will propose a method capable of detecting obfuscated malicious scripts at the host level and preventing the scripts’ execution.


Seokchul Kang, 2013.Security issues in a HTML5 service environment Internet & Security Focus

JScrambler. https://blog.jscrambler.com/protecting-JavaScriptsource-code-using-obfuscation-facts-and-fiction/

ASEC Jihun Kim, Understanding JavaScript Obfuscation

SiteAdvisor. McAfee. Available: http://www.siteadvisor.com

Long Lu, Vinod Yegneswaran, Phillip a. Porras. 2010. BLADE:An attack-agnostic approach for preventing drive by malware infections.

Young-Wook Lee, Dong-Jae Jung, Sang-Hun Jeon and Chae-Ho Lim, 2012. Design and Implementation of Web-browser based Malicious behavior Detection System (WMDS) Journal of the Korea Institute of Information Security and Cryptology, 22(3).

DWebBrowserEvents2 interface, MSDN, Microsoft. Available: http://msdn.microsoft.com/en-us/library/aa768283(v=vs.85).aspx

YARA Documentation, http://yara.readthedocs.org/en/latest/index.html.




How to Cite

Oh, S.-H., Jung, J.-H., & Kim, H.-K. (2017). Obfuscated Malicious Script Response Technique Deployed at Host Level. Journal of Telecommunication, Electronic and Computer Engineering (JTEC), 9(2-3), 93–95. Retrieved from https://jtec.utem.edu.my/jtec/article/view/2289