Publication Type
Conference Proceeding Article
Version
publishedVersion
Publication Date
10-2017
Abstract
The drastic increase of JavaScript exploitation attacks has led to a strong interest in developing techniques to analyze malicious JavaScript. Existing analysis techniques fall into two general categories: static analysis and dynamic analysis. Static analysis tends to produce inaccurate results (both false positives and false negatives) and is vulnerable to a wide series of obfuscation techniques. Thus, dynamic analysis is constantly gaining popularity for exposing the typical features of malicious JavaScript. However, existing dynamic analysis techniques possess limitations such as limited code coverage and incomplete environment setup, leaving a broad attack surface for evading detection. To overcome these limitations, we present the design and implementation of a novel JavaScript forced execution engine named JSForce, which drives an arbitrary JavaScript snippet to execute along different paths without any input or environment setup. We evaluate JSForce using 220,587 HTML and 23,509 PDF real-world samples. Experimental results show that by adopting our forced execution engine, the malicious JavaScript detection rate can be substantially boosted by 206.29% using the same detection policy without any noticeable false positive increase.
Keywords
Analysis techniques, Design and implementations, Detection rates, Dynamic analysis techniques, Execution engine, False positive and false negatives, Forced execution, Malicious javascript
Discipline
Information Security
Research Areas
Cybersecurity; Information Systems and Management
Publication
Proceedings of the 13th EAI International Conference on Security and Privacy in Communication Networks, Ontario, Canada, 2017 October 22-25
Volume
238
First Page
704
Last Page
720
Identifier
10.1007/978-3-319-78813-5_37
Publisher
Springer Verlag
City or Country
Berlin
Citation
HU, Xunchao; CHENG, Yao; DUAN, Yue; HENDERSON, Andrew; and YIN, Heng.
JSForce: A forced execution engine for malicious javascript detection. (2017). Proceedings of the 13th EAI International Conference on Security and Privacy in Communication Networks, Ontario, Canada, 2017 October 22-25. 238, 704-720.
Available at: https://ink.library.smu.edu.sg/sis_research/8172
Copyright Owner and License
Authors
Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.
Additional URL
http://doi.org/10.1007/978-3-319-78813-5_37