Weaknesses in defenses against web-borne malware (short paper)

Gen Lu; Saumya Debray

doi:10.1007/978-3-642-39235-1_8

Weaknesses in defenses against web-borne malware (short paper)

Gen Lu, Saumya Debray

Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

2 Scopus citations

Abstract

Web-based mechanisms, often mediated by malicious JavaScript code, play an important role in malware delivery today, making defenses against web-borne malware crucial for system security. This paper explores weaknesses in existing approaches to the detection of malicious JavaScript code. These approaches generally fall into two categories: lightweight techniques focusing on syntactic features such as string obfuscation and dynamic code generation; and heavier-weight approaches that look for deeper semantic characteristics such as the presence of shellcode-like strings or execution of exploit code. We show that each of these approaches has its weaknesses, and that state-of-the-art detectors using these techniques can be defeated using cloaking techniques that combine emulation with dynamic anti-analysis checks. Our goal is to promote a discussion in the research community focusing on robust defensive techniques rather than ad-hoc solutions.

Original language	English (US)
Title of host publication	Detection of Intrusions and Malware, and Vulnerability Assessment - 10th International Conference, DIMVA 2013, Proceedings
Pages	139-149
Number of pages	11
DOIs	https://doi.org/10.1007/978-3-642-39235-1_8
State	Published - 2013
Event	10th Conference on Detection of Intrusions and Malware and Vulnerability Assessment, DIMVA 2013 - Berlin, Germany Duration: Jul 18 2013 → Jul 19 2013

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	7967 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Other

Other	10th Conference on Detection of Intrusions and Malware and Vulnerability Assessment, DIMVA 2013
Country/Territory	Germany
City	Berlin
Period	7/18/13 → 7/19/13

ASJC Scopus subject areas

Theoretical Computer Science
Computer Science(all)

Access to Document

10.1007/978-3-642-39235-1_8

Cite this

Lu, G., & Debray, S. (2013). Weaknesses in defenses against web-borne malware (short paper). In Detection of Intrusions and Malware, and Vulnerability Assessment - 10th International Conference, DIMVA 2013, Proceedings (pp. 139-149). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 7967 LNCS). https://doi.org/10.1007/978-3-642-39235-1_8

Weaknesses in defenses against web-borne malware (short paper). / Lu, Gen; Debray, Saumya.
Detection of Intrusions and Malware, and Vulnerability Assessment - 10th International Conference, DIMVA 2013, Proceedings. 2013. p. 139-149 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 7967 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Lu, G & Debray, S 2013, Weaknesses in defenses against web-borne malware (short paper). in Detection of Intrusions and Malware, and Vulnerability Assessment - 10th International Conference, DIMVA 2013, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 7967 LNCS, pp. 139-149, 10th Conference on Detection of Intrusions and Malware and Vulnerability Assessment, DIMVA 2013, Berlin, Germany, 7/18/13. https://doi.org/10.1007/978-3-642-39235-1_8

Lu G, Debray S. Weaknesses in defenses against web-borne malware (short paper). In Detection of Intrusions and Malware, and Vulnerability Assessment - 10th International Conference, DIMVA 2013, Proceedings. 2013. p. 139-149. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-642-39235-1_8

Lu, Gen ; Debray, Saumya. / Weaknesses in defenses against web-borne malware (short paper). Detection of Intrusions and Malware, and Vulnerability Assessment - 10th International Conference, DIMVA 2013, Proceedings. 2013. pp. 139-149 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{72502a29e4874b62b057afcc3607a976,

title = "Weaknesses in defenses against web-borne malware (short paper)",

abstract = "Web-based mechanisms, often mediated by malicious JavaScript code, play an important role in malware delivery today, making defenses against web-borne malware crucial for system security. This paper explores weaknesses in existing approaches to the detection of malicious JavaScript code. These approaches generally fall into two categories: lightweight techniques focusing on syntactic features such as string obfuscation and dynamic code generation; and heavier-weight approaches that look for deeper semantic characteristics such as the presence of shellcode-like strings or execution of exploit code. We show that each of these approaches has its weaknesses, and that state-of-the-art detectors using these techniques can be defeated using cloaking techniques that combine emulation with dynamic anti-analysis checks. Our goal is to promote a discussion in the research community focusing on robust defensive techniques rather than ad-hoc solutions.",

author = "Gen Lu and Saumya Debray",

year = "2013",

doi = "10.1007/978-3-642-39235-1_8",

language = "English (US)",

isbn = "9783642392344",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

pages = "139--149",

booktitle = "Detection of Intrusions and Malware, and Vulnerability Assessment - 10th International Conference, DIMVA 2013, Proceedings",

note = "10th Conference on Detection of Intrusions and Malware and Vulnerability Assessment, DIMVA 2013 ; Conference date: 18-07-2013 Through 19-07-2013",

}

TY - GEN

T1 - Weaknesses in defenses against web-borne malware (short paper)

AU - Lu, Gen

AU - Debray, Saumya

PY - 2013

Y1 - 2013

N2 - Web-based mechanisms, often mediated by malicious JavaScript code, play an important role in malware delivery today, making defenses against web-borne malware crucial for system security. This paper explores weaknesses in existing approaches to the detection of malicious JavaScript code. These approaches generally fall into two categories: lightweight techniques focusing on syntactic features such as string obfuscation and dynamic code generation; and heavier-weight approaches that look for deeper semantic characteristics such as the presence of shellcode-like strings or execution of exploit code. We show that each of these approaches has its weaknesses, and that state-of-the-art detectors using these techniques can be defeated using cloaking techniques that combine emulation with dynamic anti-analysis checks. Our goal is to promote a discussion in the research community focusing on robust defensive techniques rather than ad-hoc solutions.

AB - Web-based mechanisms, often mediated by malicious JavaScript code, play an important role in malware delivery today, making defenses against web-borne malware crucial for system security. This paper explores weaknesses in existing approaches to the detection of malicious JavaScript code. These approaches generally fall into two categories: lightweight techniques focusing on syntactic features such as string obfuscation and dynamic code generation; and heavier-weight approaches that look for deeper semantic characteristics such as the presence of shellcode-like strings or execution of exploit code. We show that each of these approaches has its weaknesses, and that state-of-the-art detectors using these techniques can be defeated using cloaking techniques that combine emulation with dynamic anti-analysis checks. Our goal is to promote a discussion in the research community focusing on robust defensive techniques rather than ad-hoc solutions.

UR - http://www.scopus.com/inward/record.url?scp=84881129592&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84881129592&partnerID=8YFLogxK

U2 - 10.1007/978-3-642-39235-1_8

DO - 10.1007/978-3-642-39235-1_8

M3 - Conference contribution

AN - SCOPUS:84881129592

SN - 9783642392344

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 139

EP - 149

BT - Detection of Intrusions and Malware, and Vulnerability Assessment - 10th International Conference, DIMVA 2013, Proceedings

T2 - 10th Conference on Detection of Intrusions and Malware and Vulnerability Assessment, DIMVA 2013

Y2 - 18 July 2013 through 19 July 2013

ER -

Weaknesses in defenses against web-borne malware (short paper)

Abstract

Publication series

Other

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this