Detection and mitigation of malicious JavaScript using information flow control

Sayed, Bassam; Traoré, Issa; Abdelhalim, Amany

doi:10.1109/pst.2014.6890948

Cited by 5 publications

(3 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The following are few examples of different approaches considered by researchers in the last few years. B. Sayed et al proposed a model that uses information flow control dynamically at run-time to detect malicious JavaScript [22]. Y. Fange et al used Long Short-Term Memory (LSTM) to develop a malicious JavaScript detection model [8].…”

Section: Related Workmentioning

confidence: 99%

JSLess: A Tale of a Fileless Javascript Memory-Resident Malware

Saad

Mahmood

Briguglio

et al. 2019

Lecture Notes in Computer Science

View full text Add to dashboard Cite

New computing paradigms, modern feature-rich programming languages and off-the-shelf software libraries enabled the development of new sophisticated malware families. Evidence of this phenomena is the recent growth of fileless malware attacks. Fileless malware or memory resident malware is an example of an Advanced Volatile Threat (AVT). In a fileless malware attack, the malware writes itself directly onto the main memory (RAM) of the compromised device without leaving any trace on the compromised device's file system. For this reason, fileless malware presents a difficult challenge for traditional malware detection tools and in particular signature-based detection. Moreover, fileless malware forensics and reverse engineering are nearly impossible using traditional methods. The majority of fileless malware attacks in the wild take advantage of MS PowerShell, however, fileless malware are not limited to MS PowerShell. In this paper, we designed and implemented a fileless malware by taking advantage of new features in Javascript and HTML5. The proposed fileless malware could infect any device that supports Javascript and HTML5. It serves as a proof-of-concept (PoC) to demonstrate the threats of fileless malware in web applications. We used the proposed fileless malware to evaluate existing methods and techniques for malware detection in web applications. We tested the proposed fileless malware with several free and commercial malware detection tools that apply both static and dynamic analysis. The proposed fileless malware bypassed all the anti-malware detection tools included in our study. In our analysis, we discussed the limitations of existing approaches/tools and suggested possible detection and mitigation techniques.

show abstract

Section: Related Workmentioning

confidence: 99%

JSLess: A Tale of a Fileless Javascript Memory-Resident Malware

Saad

Mahmood

Briguglio

et al. 2019

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…Exploration of both static and dynamic approaches are made in [33], and hybrid mechanisms such as [34,35,36], are provided to enhance the information flow capability and increasing permissiveness, by realizing static analysis by security type systems and realizing dynamic analysis by monitors. This hybrid approach was also employed in the development of a new system and language, Fabric [37], which is used to build secure distributed information systems.…”

Section: Related Workmentioning

confidence: 99%

A secrecy-preserving language for distributed and object-oriented systems

Ramezanifarkhani¹,

Owe²,

Tokas³

2018

Journal of Logical and Algebraic Methods in Programming

View full text Add to dashboard Cite

In modern systems it is often necessary to distinguish between confidential (low-level) and non-confidential (high-level) information. Confidential information should be protected and not communicated or shared with low-level users. The non-interference policy is an information flow policy stipulating that low-level viewers should not be able to observe a difference between any two executions with the same low-level inputs. Only high-level viewers may observe confidential output. This is a non-trivial challenge when considering modern distributed systems involving concurrency and communication. The present paper addresses this challenge, by choosing language mechanisms that are both useful for programming of distributed systems and allow modular system analysis. We consider a general concurrency model for distributed systems, based on concurrent objects communicating by asynchronous methods. This model is suitable for modeling of modern service-oriented systems, and gives rise to efficient interaction avoiding active waiting and low-level synchronization primitives such as explicit signaling and lock operations. This concurrency model has a simple semantics and allows us to focus on information flow at a high level of abstraction, and allows realistic analysis by avoiding unnecessary restrictions on information flow between confidential and non-confidential data. Due to the non-deterministic nature of concurrent and distributed systems, we define a notion of interaction non-interference policy tailored to this setting. We provide two kinds of static analysis: a secrecy-type system and a trace analysis system, to capture inter-object and network level communication, respectively. We prove that interaction non-interference is satisfied by the combination of these analysis techniques. Thus any deviation from the policy caused by implicit information leakage visible through observation of network communication patterns, can be detected. The contribution of the paper lies in the definition of the notion of interaction non-interference, and in the formalization of a secrecy type system and a static trace analysis that together ensure interaction non-interference. We also provide several versions of a main example (a news subscription service) to demonstrate network leakage.

show abstract

“…JS malware detection is an active research area, therefore, various detection models were proposed due to the limited detection capability of existing antivirus software. Most ex-isting JS malware detection research articles have used two methods: dynamic [11], [16], [21], [29] and static [12], [15], [18] analysis. The static approach can detect only known malware, but the dynamic approach can also make decisions about new malware by analyzing the behavior of the malware.…”

Section: Introductionmentioning

confidence: 99%

A Systematic Literature Review and Quality Analysis of Javascript Malware Detection

Sohan

Basalamah

2020

IEEE Access

View full text Add to dashboard Cite

Context: JavaScript (JS) is an often-used programming language by millions of web pages and is also affected by thousands of malicious attacks. Objective: In this investigation, we provided a general view and a quick understanding of JavaScript Malware Detection (JSMD) research reported in the scientific literature from several perspectives. Method: We performed a Systematic Literature Review (SLR) and quality analysis of published research articles on the topic. We investigated 32 articles published between the year 2009 to the year 2019. Results: Selected 32 papers explained in this article reflect the outline of what was published so far. One of our key findings is the performance of Machine Learning (ML) based detection models were relatively higher than others. We also found that only a few papers were able to achieve high scores according to the quality assessment criteria. Conclusion: In this SLR, we summarized and synthesized the existing JSMD studies to identify the previous research practices and also to shed light on future guidelines in the malware detection space. This study will guide and help future researchers to investigate the previous literature efficiently and effectively.

show abstract

Detection and mitigation of malicious JavaScript using information flow control

Cited by 5 publications

References 15 publications

JSLess: A Tale of a Fileless Javascript Memory-Resident Malware

JSLess: A Tale of a Fileless Javascript Memory-Resident Malware

A secrecy-preserving language for distributed and object-oriented systems

A Systematic Literature Review and Quality Analysis of Javascript Malware Detection

Contact Info

Product

Resources

About