Papers
Topics
Authors
Recent
Gemini 2.5 Flash
Gemini 2.5 Flash
129 tokens/sec
GPT-4o
28 tokens/sec
Gemini 2.5 Pro Pro
42 tokens/sec
o3 Pro
4 tokens/sec
GPT-4.1 Pro
38 tokens/sec
DeepSeek R1 via Azure Pro
28 tokens/sec
2000 character limit reached

Static Semantics Reconstruction for Enhancing JavaScript-WebAssembly Multilingual Malware Detection (2310.17304v2)

Published 26 Oct 2023 in cs.CR and cs.SE

Abstract: The emergence of WebAssembly allows attackers to hide the malicious functionalities of JavaScript malware in cross-language interoperations, termed JavaScript-WebAssembly multilingual malware (JWMM). However, existing anti-virus solutions based on static program analysis are still limited to monolingual code. As a result, their detection effectiveness decreases significantly against JWMM. The detection of JWMM is challenging due to the complex interoperations and semantic diversity between JavaScript and WebAssembly. To bridge this gap, we present JWBinder, the first technique aimed at enhancing the static detection of JWMM. JWBinder performs a language-specific data-flow analysis to capture the cross-language interoperations and then characterizes the functionalities of JWMM through a unified high-level structure called Inter-language Program Dependency Graph. The extensive evaluation on one of the most representative real-world anti-virus platforms, VirusTotal, shows that \system effectively enhances anti-virus systems from various vendors and increases the overall successful detection rate against JWMM from 49.1\% to 86.2\%. Additionally, we assess the side effects and runtime overhead of JWBinder, corroborating its practical viability in real-world applications.

Definition Search Book Streamline Icon: https://streamlinehq.com
References (25)
  1. Npm. https://www.npmjs.com/ (2021)
  2. The year in web threats: Web skimmers take advantage of cloud hosting and more. https://unit42.paloaltonetworks.com/web-threats-trends-web-skimmers/ (2021)
  3. Github top programming languages. https://octoverse.github.com/2022/top-programming-languages (2022)
  4. 150k javascript dataset. https://www.sri.inf.ethz.ch/js150 (2023)
  5. Bitdefender. https://www.bitdefender.com/ (2023)
  6. Box.js, a sandbox to analyze malicious javascript. https://github.com/CapacitorSet/box-js (2023)
  7. De4js, javascript deobfuscator and unpacker. https://lelinhtinh.github.io/de4js/ (2023)
  8. Escodegen. https://github.com/estools/escodegen (2023)
  9. Esprima. https://esprima.org/ (2023)
  10. Geeks on security malicious javascript dataset. https://github.com/geeksonsecurity/js-malicious-dataset (2023)
  11. H. petrak, javascript malware collection. https://github.com/HynekPetrak/javascript-malware-collection (2023)
  12. Javascript deobfuscator. https://deobfuscate.io/ (2023)
  13. Javascript es6 standard. https://www.w3schools.com/js/js_es6.asp (2023)
  14. Jwbinder source code and data. https://github.com/JWBinderRepository/JWBinder (2023)
  15. Mcafee. https://www.mcafee.com/ (2023)
  16. Mdn web docs. https://developer.mozilla.org/en-US/docs/WebAssembly/JavaScript_interface (2023)
  17. Microsoft defender antivirus. https://www.microsoft.com/ (2023)
  18. Microsoft, internet explorer. https://www.microsoft.com/download/internet-explorer (2023)
  19. Nodejs. https://nodejs.org/ (2023)
  20. Sandbox for semi-automatic javascript malware analysis. https://github.com/HynekPetrak/malware-jail (2023)
  21. Virustotal. https://www.virustotal.com/ (2023)
  22. Webassembly. https://webassembly.org/ (2023)
  23. Webassembly core specification. https://www.w3.org/TR/2022/WD-wasm-core-2-20220419/syntax/instructions.html (2023)
  24. Webassembly is abused by ecriminals to hide malware. https://www.crowdstrike.com/blog/ecriminals-increasingly-use-webassembly-to-hide-malware/ (2023)
  25. Yara. https://virustotal.github.io/yara/ (2023)

Summary

We haven't generated a summary for this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Summarize Now
X Twitter Logo Streamline Icon: https://streamlinehq.com

Tweets