Detecting malicious JavaScript

Author

Matthew F. Der, University of Richmond

Date of Award

Spring 2010

Document Type

Thesis

Degree Name

Bachelor of Science

Department

Computer Science

First Advisor

Dr. Barry Lawson

Abstract

The increased use of the World Wide Web and JavaScript as a scripting language for Web pages have made JavaScript a popular attack vector for infecting users' machines with malware. Additionally, attackers often obfuscate their code to avoid detection, which heightens the challenge and complexity of automated defense systems. We present two analyses of malicious scripts and suggest how they could be extended into intrusion detection systems. For our analyses we use a sample of deobfuscated malicious and benign scripts collected from actual Web sites. First, using our malicious sample, we perform a manual analysis of attack signatures, identifying four distinct categories of attacks. Second, we use existing research software to analyze certain function calls made by the malicious and benign scripts, and compare the resulting distributions of function calls. Then we perform a classification analysis using logistic regression to propose an approach for a host-based intrusion detection system.

Recommended Citation

Der, Matthew F., "Detecting malicious JavaScript" (2010). Honors Theses. 168.
https://scholarship.richmond.edu/honors-theses/168