Date of Award
Spring 2010
Document Type
Thesis
Degree Name
Bachelor of Science
Department
Computer Science
First Advisor
Dr. Barry Lawson
Abstract
The increased use of the World Wide Web and JavaScript as a scripting language for Web pages have made JavaScript a popular attack vector for infecting users' machines with malware. Additionally, attackers often obfuscate their code to avoid detection, which heightens the challenge and complexity of automated defense systems. We present two analyses of malicious scripts and suggest how they could be extended into intrusion detection systems. For our analyses we use a sample of deobfuscated malicious and benign scripts collected from actual Web sites. First, using our malicious sample, we perform a manual analysis of attack signatures, identifying four distinct categories of attacks. Second, we use existing research software to analyze certain function calls made by the malicious and benign scripts, and compare the resulting distributions of function calls. Then we perform a classification analysis using logistic regression to propose an approach for a host-based intrusion detection system.
Recommended Citation
Der, Matthew F., "Detecting malicious JavaScript" (2010). Honors Theses. 168.
https://scholarship.richmond.edu/honors-theses/168
Included in
Information Security Commons, Mathematics Commons, Programming Languages and Compilers Commons