Detecting Malicious Behaviors in JavaScript Applications

Jian Mao; Jingdong Bian; Guangdong Bai; Ruilong Wang; Yue Chen; Yinhao Xiao; Zhenkai Liang

doi:10.1109/ACCESS.2018.2795383

Detecting Malicious Behaviors in JavaScript Applications

Jian Mao^*
, Jingdong Bian
, Guangdong Bai
, Ruilong Wang
, Yue Chen
, Yinhao Xiao
, Zhenkai Liang

^*此作品的通讯作者

网络空间安全学院

Beihang University
Singapore Institute of Technology
George Washington University
National University of Singapore

科研成果: 期刊稿件 › 文章 › 同行评审

21 引用（Scopus）

摘要

JavaScript applications are widely used in a range of scenarios, including Web applications, mobile applications, and server-side applications. On one hand, due to its excellent cross-platform support, Javascript has become the core technology of social network platforms. On the other hand, the flexibility of the JavaScript language makes such applications prone to attacks that inject malicious behaviors. In this paper, we propose a detection technique to identify malicious behaviors in JavaScript applications. Our method models an application's normal behavior on function activation, which is used as a basis to detect attacks. We prototyped our solution on the popular JavaScript engine V8 and used it to detect attacks on the android system. Our evaluation shows the effectiveness of our approach in detecting injection attacks to JavaScript applications.

源语言	英语
页（从-至）	12284-12294
页数	11
期刊	IEEE Access
卷	6
DOI	https://doi.org/10.1109/ACCESS.2018.2795383
出版状态	已出版 - 17 1月 2018

访问文件

10.1109/ACCESS.2018.2795383

其它文件与链接

链接到 Scopus 的出版物

引用此

@article{81d87e5126e943d687b14888ccbeacb6,

title = "Detecting Malicious Behaviors in JavaScript Applications",

abstract = "JavaScript applications are widely used in a range of scenarios, including Web applications, mobile applications, and server-side applications. On one hand, due to its excellent cross-platform support, Javascript has become the core technology of social network platforms. On the other hand, the flexibility of the JavaScript language makes such applications prone to attacks that inject malicious behaviors. In this paper, we propose a detection technique to identify malicious behaviors in JavaScript applications. Our method models an application's normal behavior on function activation, which is used as a basis to detect attacks. We prototyped our solution on the popular JavaScript engine V8 and used it to detect attacks on the android system. Our evaluation shows the effectiveness of our approach in detecting injection attacks to JavaScript applications.",

keywords = "JavaScript application, behavior anomaly detection, hybrid mobile app",

author = "Jian Mao and Jingdong Bian and Guangdong Bai and Ruilong Wang and Yue Chen and Yinhao Xiao and Zhenkai Liang",

note = "Publisher Copyright: {\textcopyright} 2013 IEEE.",

year = "2018",

month = jan,

day = "17",

doi = "10.1109/ACCESS.2018.2795383",

language = "英语",

volume = "6",

pages = "12284--12294",

journal = "IEEE Access",

issn = "2169-3536",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

}

TY - JOUR

T1 - Detecting Malicious Behaviors in JavaScript Applications

AU - Mao, Jian

AU - Bian, Jingdong

AU - Bai, Guangdong

AU - Wang, Ruilong

AU - Chen, Yue

AU - Xiao, Yinhao

AU - Liang, Zhenkai

PY - 2018/1/17

Y1 - 2018/1/17

N2 - JavaScript applications are widely used in a range of scenarios, including Web applications, mobile applications, and server-side applications. On one hand, due to its excellent cross-platform support, Javascript has become the core technology of social network platforms. On the other hand, the flexibility of the JavaScript language makes such applications prone to attacks that inject malicious behaviors. In this paper, we propose a detection technique to identify malicious behaviors in JavaScript applications. Our method models an application's normal behavior on function activation, which is used as a basis to detect attacks. We prototyped our solution on the popular JavaScript engine V8 and used it to detect attacks on the android system. Our evaluation shows the effectiveness of our approach in detecting injection attacks to JavaScript applications.

AB - JavaScript applications are widely used in a range of scenarios, including Web applications, mobile applications, and server-side applications. On one hand, due to its excellent cross-platform support, Javascript has become the core technology of social network platforms. On the other hand, the flexibility of the JavaScript language makes such applications prone to attacks that inject malicious behaviors. In this paper, we propose a detection technique to identify malicious behaviors in JavaScript applications. Our method models an application's normal behavior on function activation, which is used as a basis to detect attacks. We prototyped our solution on the popular JavaScript engine V8 and used it to detect attacks on the android system. Our evaluation shows the effectiveness of our approach in detecting injection attacks to JavaScript applications.

KW - JavaScript application

KW - behavior anomaly detection

KW - hybrid mobile app

UR - https://www.scopus.com/pages/publications/85040927550

U2 - 10.1109/ACCESS.2018.2795383

DO - 10.1109/ACCESS.2018.2795383

M3 - 文章

AN - SCOPUS:85040927550

SN - 2169-3536

VL - 6

SP - 12284

EP - 12294

JO - IEEE Access

JF - IEEE Access

ER -

Detecting Malicious Behaviors in JavaScript Applications

摘要

访问文件

其它文件与链接

指纹

引用此