Detection of malicious scripting code through discriminant and adversary-aware API analysis

MAIORCA, DAVIDE;RUSSU, PAOLO;CORONA, IGINO;BIGGIO, BATTISTA;GIACINTO, GIORGIO
2017

Abstract

JavaScript and ActionScript are powerful scripting languages that not only allow the delivery of advanced multimedia content, but can also be used to exploit critical vulnerabilities in third-party applications. To detect both ActionScript- and JavaScript-based malware, we propose in this paper a machine-learning methodology based on extracting discriminant information from system API methods, attributes and classes. Our strategy exploits the similarities between the two scripting languages, and has been devised by also considering the possibility of targeted attacks that aim to deceive the employed classification algorithms. We tested our method on PDF and SWF data, embedding JavaScript and ActionScript code respectively. Results show that the proposed strategy allows us to detect most of the tested malicious files, with low false positive rates. Finally, we show that the proposed methodology is also reasonably robust against evasive and targeted attacks.
eng
Italian Conference on Cybersecurity. Proceedings of the First Italian Conference on Cybersecurity (ITASEC17)
CEUR-WS
Alessandro Armando, Roberto Baldoni, Riccardo Focardi
1816
96
105
10
http://ceur-ws.org/Vol-1816/
1st Italian Conference on Cybersecurity, ITASEC 2017
Anonymous experts
17-20 January 2017
Venice, Italy
national
Scientific
no
4 Contribution in Conference Proceedings (Proceeding)::4.1 Contribution in conference proceedings
Maiorca, Davide; Russu, Paolo; Corona, Igino; Biggio, Battista; Giacinto, Giorgio
273
5
4.1 Contribution in conference proceedings
open
info:eu-repo/semantics/conferencePaper
Files in this product:
File Size Format
ITASEC17_Maiorca_printed.pdf

open access

Type: publisher's version
Size 385.11 kB
Format Adobe PDF

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.
