A Combined Malicious Documents Detecting Method Based on Emulators


Abstract:

Shellcode injections carried by malicious JavaScript in documents are becoming more prevalent and more dangerous, and existing methods have limitations in detecting this kind of attack. In this article, we explore the detection of malicious documents and propose an approach for detecting documents that contain JavaScript shellcode. Our approach produces an impact factor that represents the reliability of the verdict that a document is malicious. We use both static and dynamic detection and then combine the results of the two methods; this keeps the overhead acceptable while making the detection immune to obfuscation. We have implemented a proof-of-concept prototype of the detection system on a Linux platform and evaluated its accuracy and performance overhead on that platform. The results show that the system reports very few errors with an acceptable overhead.
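The static half of the approach and the combination step, as an added example that is not the paper's code: it decodes JavaScript unescape() payloads to the bytes they occupy in memory on x86 and scores the share of NOP-equivalent bytes, then folds that into an impact factor. The dynamic score is assumed to come from an external x86 emulator such as libemu, and the weighted average, the 16-byte minimum and the 0.5 threshold are assumed stand-ins for the paper's own formula and parameters.

```python
import re

# Constructed sample script of the kind found in malicious documents: a
# %u-encoded NOP sled followed by INT3 (0xCC) filler. Test data, not an exploit.
SAMPLE_JS = (
    'var nop = unescape("%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090");\n'
    'var sc = unescape("%uCCCC%uCCCC%uCCCC%uCCCC");\n'
    'var block = nop + sc;\n'
)
# Constructed benign script: unescape() used for a short text string.
BENIGN_JS = 'var t = unescape("%u0048%u0069"); document.title = t;\n'

UNESCAPE_RE = re.compile(r'unescape\(\s*"((?:%u[0-9A-Fa-f]{4}|%[0-9A-Fa-f]{2}|[^"%])*)"\s*\)')
NOP_LIKE = {0x90, 0x40, 0x41, 0x42, 0x43}  # nop, inc eax/ecx/edx/ebx

def decode_unescape(literal: str) -> bytes:
    """Decode a JavaScript unescape() literal to the bytes it occupies in memory
    on x86: %uXXXX becomes two little-endian bytes, %XX one byte."""
    out, i = bytearray(), 0
    while i < len(literal):
        if literal.startswith('%u', i):
            out += int(literal[i + 2:i + 6], 16).to_bytes(2, 'little')
            i += 6
        elif literal[i] == '%':
            out.append(int(literal[i + 1:i + 3], 16))
            i += 3
        else:
            out += literal[i].encode('latin-1', 'replace')
            i += 1
    return bytes(out)

def static_score(js: str) -> float:
    """Static indicator in [0, 1]: share of decoded payload bytes that are
    single-byte NOP equivalents. Short payloads (< 16 bytes, assumed cutoff) score 0."""
    payload = b''.join(decode_unescape(m.group(1)) for m in UNESCAPE_RE.finditer(js))
    if len(payload) < 16:
        return 0.0
    return round(sum(b in NOP_LIKE for b in payload) / len(payload), 3)

def impact_factor(static: float, dynamic: float, w_static: float = 0.4) -> float:
    """Combine both indicators into one reliability score in [0, 1].
    The weighted average is an assumed stand-in for the paper's formula; `dynamic`
    is assumed to come from an external x86 emulator run over the payload."""
    return round(w_static * static + (1.0 - w_static) * dynamic, 3)

def is_malicious(js: str, dynamic: float, threshold: float = 0.5) -> bool:
    return impact_factor(static_score(js), dynamic) >= threshold
```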


Pages: 1707-1712

Online since: August 2014

Copyright: © 2014 Trans Tech Publications Ltd. All Rights Reserved

