CISPA
Browse

Statically Detecting JavaScript Obfuscation and Minification Techniques in the Wild

Download (520.25 kB)
conference contribution
posted on 2023-11-29, 18:16 authored by Marvin Moog, Markus Demmel, Michael BackesMichael Backes, Aurore FassAurore Fass
JavaScript is both a popular client-side programming language and an attack vector. While malware developers transform their JavaScript code to hide its malicious intent and impede detection, well-intentioned developers also transform their code to, e.g., optimize website performance. In this paper, we conduct an in-depth study of code transformations in the wild. Specifically, we perform a static analysis of JavaScript files to build their Abstract Syntax Tree (AST), which we extend with control and data flows. Subsequently, we define two classifiers, benefitting from AST-based features, to detect transformed samples along with specific transformation techniques. Besides malicious samples, we find that transforming code is increasingly popular on Node.js libraries and client-side JavaScript, with, e.g., 90% of Alexa Top 10k websites containing a transformed script. This way, code transformations are no indicator of maliciousness. Finally, we showcase that benign code transformation techniques and their frequency both differ from the prevalent malicious ones.

History

Preferred Citation

Marvin Moog, Markus Demmel, Michael Backes and Aurore Fass. Statically Detecting JavaScript Obfuscation and Minification Techniques in the Wild. In: IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). 2021.

Primary Research Area

  • Empirical and Behavioral Security

Name of Conference

IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)

Legacy Posted Date

2021-03-23

Open Access Type

  • Unknown

BibTeX

@inproceedings{cispa_all_3385, title = "Statically Detecting JavaScript Obfuscation and Minification Techniques in the Wild", author = "Moog, Marvin and Demmel, Markus and Backes, Michael and Fass, Aurore", booktitle="{IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)}", year="2021", }

Usage metrics

    Categories

    No categories selected

    Exports

    RefWorks
    BibTeX
    Ref. manager
    Endnote
    DataCite
    NLM
    DC