Automatic simplification of obfuscated JavaScript code: A semantics-based approach

Gen Lu; Saumya Debray

doi:10.1109/SERE.2012.13

Automatic simplification of obfuscated JavaScript code: A semantics-based approach

Gen Lu, Saumya Debray

Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

34 Scopus citations

Abstract

JavaScript is a scripting language that is commonly used to create sophisticated interactive client-side web applications. However, JavaScript code can also be used to exploit vulnerabilities in the web browser and its extensions, and in recent years it has become a major mechanism for web-based malware delivery. In order to avoid detection, attackers often take advantage of the dynamic nature of JavaScript to create highly obfuscated code. This paper describes a semantics-based approach for automatic deobfuscation of JavaScript code. Experiments using a prototype implementation indicate that our approach is able to penetrate multiple layers of complex obfuscations and extract the core logic of the computation, which makes it easier to understand the behavior of the code.

Original language	English (US)
Title of host publication	Proceedings of the 2012 IEEE 6th International Conference on Software Security and Reliability, SERE 2012
Pages	31-40
Number of pages	10
DOIs	https://doi.org/10.1109/SERE.2012.13
State	Published - 2012
Event	2012 IEEE 6th International Conference on Software Security and Reliability, SERE 2012 - Gaithersburg, MD, United States Duration: Jun 20 2012 → Jun 22 2012

Publication series

Name	Proceedings of the 2012 IEEE 6th International Conference on Software Security and Reliability, SERE 2012

Other

Other	2012 IEEE 6th International Conference on Software Security and Reliability, SERE 2012
Country/Territory	United States
City	Gaithersburg, MD
Period	6/20/12 → 6/22/12

Keywords

Deobfuscation
Dynamic analysis
Program slicing
Web security

ASJC Scopus subject areas

Software
Safety, Risk, Reliability and Quality

Access to Document

10.1109/SERE.2012.13

Cite this

Lu, G., & Debray, S. (2012). Automatic simplification of obfuscated JavaScript code: A semantics-based approach. In Proceedings of the 2012 IEEE 6th International Conference on Software Security and Reliability, SERE 2012 (pp. 31-40). Article 6258292 (Proceedings of the 2012 IEEE 6th International Conference on Software Security and Reliability, SERE 2012). https://doi.org/10.1109/SERE.2012.13

Automatic simplification of obfuscated JavaScript code: A semantics-based approach. / Lu, Gen; Debray, Saumya.
Proceedings of the 2012 IEEE 6th International Conference on Software Security and Reliability, SERE 2012. 2012. p. 31-40 6258292 (Proceedings of the 2012 IEEE 6th International Conference on Software Security and Reliability, SERE 2012).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Lu, G & Debray, S 2012, Automatic simplification of obfuscated JavaScript code: A semantics-based approach. in Proceedings of the 2012 IEEE 6th International Conference on Software Security and Reliability, SERE 2012., 6258292, Proceedings of the 2012 IEEE 6th International Conference on Software Security and Reliability, SERE 2012, pp. 31-40, 2012 IEEE 6th International Conference on Software Security and Reliability, SERE 2012, Gaithersburg, MD, United States, 6/20/12. https://doi.org/10.1109/SERE.2012.13

@inproceedings{d412418785f340928359675844b5276b,

title = "Automatic simplification of obfuscated JavaScript code: A semantics-based approach",

abstract = "JavaScript is a scripting language that is commonly used to create sophisticated interactive client-side web applications. However, JavaScript code can also be used to exploit vulnerabilities in the web browser and its extensions, and in recent years it has become a major mechanism for web-based malware delivery. In order to avoid detection, attackers often take advantage of the dynamic nature of JavaScript to create highly obfuscated code. This paper describes a semantics-based approach for automatic deobfuscation of JavaScript code. Experiments using a prototype implementation indicate that our approach is able to penetrate multiple layers of complex obfuscations and extract the core logic of the computation, which makes it easier to understand the behavior of the code.",

keywords = "Deobfuscation, Dynamic analysis, Program slicing, Web security",

author = "Gen Lu and Saumya Debray",

year = "2012",

doi = "10.1109/SERE.2012.13",

language = "English (US)",

isbn = "9780769547428",

series = "Proceedings of the 2012 IEEE 6th International Conference on Software Security and Reliability, SERE 2012",

pages = "31--40",

booktitle = "Proceedings of the 2012 IEEE 6th International Conference on Software Security and Reliability, SERE 2012",

note = "2012 IEEE 6th International Conference on Software Security and Reliability, SERE 2012 ; Conference date: 20-06-2012 Through 22-06-2012",

}

TY - GEN

T1 - Automatic simplification of obfuscated JavaScript code

T2 - 2012 IEEE 6th International Conference on Software Security and Reliability, SERE 2012

AU - Lu, Gen

AU - Debray, Saumya

PY - 2012

Y1 - 2012

N2 - JavaScript is a scripting language that is commonly used to create sophisticated interactive client-side web applications. However, JavaScript code can also be used to exploit vulnerabilities in the web browser and its extensions, and in recent years it has become a major mechanism for web-based malware delivery. In order to avoid detection, attackers often take advantage of the dynamic nature of JavaScript to create highly obfuscated code. This paper describes a semantics-based approach for automatic deobfuscation of JavaScript code. Experiments using a prototype implementation indicate that our approach is able to penetrate multiple layers of complex obfuscations and extract the core logic of the computation, which makes it easier to understand the behavior of the code.

AB - JavaScript is a scripting language that is commonly used to create sophisticated interactive client-side web applications. However, JavaScript code can also be used to exploit vulnerabilities in the web browser and its extensions, and in recent years it has become a major mechanism for web-based malware delivery. In order to avoid detection, attackers often take advantage of the dynamic nature of JavaScript to create highly obfuscated code. This paper describes a semantics-based approach for automatic deobfuscation of JavaScript code. Experiments using a prototype implementation indicate that our approach is able to penetrate multiple layers of complex obfuscations and extract the core logic of the computation, which makes it easier to understand the behavior of the code.

KW - Deobfuscation

KW - Dynamic analysis

KW - Program slicing

KW - Web security

UR - http://www.scopus.com/inward/record.url?scp=84866674462&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84866674462&partnerID=8YFLogxK

U2 - 10.1109/SERE.2012.13

DO - 10.1109/SERE.2012.13

M3 - Conference contribution

AN - SCOPUS:84866674462

SN - 9780769547428

T3 - Proceedings of the 2012 IEEE 6th International Conference on Software Security and Reliability, SERE 2012

SP - 31

EP - 40

BT - Proceedings of the 2012 IEEE 6th International Conference on Software Security and Reliability, SERE 2012

Y2 - 20 June 2012 through 22 June 2012

ER -

Automatic simplification of obfuscated JavaScript code: A semantics-based approach

Abstract

Publication series

Other

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this