Optimizing Away JavaScript Obfuscation
arXiv - CS - Cryptography and Security Pub Date : 2020-09-19 , DOI: arxiv-2009.09170
Adrian Herrera

JavaScript is a popular attack vector for releasing malicious payloads on unsuspecting Internet users. Authors of this malicious JavaScript often employ numerous obfuscation techniques in order to prevent the automatic detection by antivirus and hinder manual analysis by professional malware analysts. Consequently, this paper presents SAFE-Deobs, a JavaScript deobfuscation tool that we have built. The aim of SAFE-Deobs is to automatically deobfuscate JavaScript malware such that an analyst can more rapidly determine the malicious script's intent. This is achieved through a number of static analyses, inspired by techniques from compiler theory. We demonstrate the utility of SAFE-Deobs through a case study on real-world JavaScript malware, and show that it is a useful addition to a malware analyst's toolset.

Updated: 2020-09-22