Obfuscated Malicious Script Response Technique Deployed at Host Level

Authors

  • Sang-Hwan Oh Korea Internet & Security Agency, Seoul, Korea.
  • Jong-Hun Jung Korea Internet & Security Agency, Seoul, Korea.
  • Hwan-Kuk Kim Korea Internet & Security Agency, Seoul, Korea.

Keywords:

Script-based CyberAttack, Web Security, Obfuscated Malicious Script,

Abstract

JavaScript functions have been remarkably enhanced thanks to the emergence of the next generation web standard HTML5 presented by W3C. HTML5 provides powerful functions that could replace non-standard technologies such as Active X by providing functions such as media play, 3-D graphic processing and Web socket communications using JavaScript only without the installation of separate plugins. Along with these trends in the ICT environment, many studies have been done related to threats exploiting JavaScript, which comprises a core of HTML5 functions. There are, however, many limitations in detecting obfuscated malicious scripts since most detection techniques use signature-based pattern matching. This paper will propose a method capable of detecting obfuscated malicious scripts at the host level and preventing the scripts’ execution.

References

Seokchul Kang, 2013.Security issues in a HTML5 service environment Internet & Security Focus

JScrambler. https://blog.jscrambler.com/protecting-JavaScriptsource-code-using-obfuscation-facts-and-fiction/

ASEC Jihun Kim, Understanding JavaScript Obfuscation

SiteAdvisor. McAfee. Available: http://www.siteadvisor.com

Long Lu, Vinod Yegneswaran, Phillip a. Porras. 2010. BLADE:An attack-agnostic approach for preventing drive by malware infections.

Young-Wook Lee, Dong-Jae Jung, Sang-Hun Jeon and Chae-Ho Lim, 2012. Design and Implementation of Web-browser based Malicious behavior Detection System (WMDS) Journal of the Korea Institute of Information Security and Cryptology, 22(3).

DWebBrowserEvents2 interface, MSDN, Microsoft. Available: http://msdn.microsoft.com/en-us/library/aa768283(v=vs.85).aspx

YARA Documentation, http://yara.readthedocs.org/en/latest/index.html.

Downloads

Published

2017-06-01

How to Cite

Oh, S.-H., Jung, J.-H., & Kim, H.-K. (2017). Obfuscated Malicious Script Response Technique Deployed at Host Level. Journal of Telecommunication, Electronic and Computer Engineering (JTEC), 9(2-3), 93–95. Retrieved from https://jtec.utem.edu.my/jtec/article/view/2289

Issue

Vol. 9 No. 2-3: Circuit and System Advancement in Modern World II

Section

Articles

License

TRANSFER OF COPYRIGHT AGREEMENT

The manuscript is herewith submitted for publication in the Journal of Telecommunication, Electronic and Computer Engineering (JTEC). It has not been published before, and it is not under consideration for publication in any other journals. It contains no material that is scandalous, obscene, libelous or otherwise contrary to law. When the manuscript is accepted for publication, I, as the author, hereby agree to transfer to JTEC, all rights including those pertaining to electronic forms and transmissions, under existing copyright laws, except for the following, which the author(s) specifically retain(s):

  1. All proprietary right other than copyright, such as patent rights
  2. The right to make further copies of all or part of the published article for my use in classroom teaching
  3. The right to reuse all or part of this manuscript in a compilation of my own works or in a textbook of which I am the author; and
  4. The right to make copies of the published work for internal distribution within the institution that employs me

I agree that copies made under these circumstances will continue to carry the copyright notice that appears in the original published work. I agree to inform my co-authors, if any, of the above terms. I certify that I have obtained written permission for the use of text, tables, and/or illustrations from any copyrighted source(s), and I agree to supply such written permission(s) to JTEC upon request.