Detecting Malicious Behaviors in JavaScript Applications

Jian Mao; Jingdong Bian; Guangdong Bai; Ruilong Wang; Yue Chen; Yinhao Xiao; Zhenkai Liang

doi:10.1109/ACCESS.2018.2795383

Detecting Malicious Behaviors in JavaScript Applications

Jian Mao
, Jingdong Bian
, Guangdong Bai
, Ruilong Wang
, Yue Chen
, Yinhao Xiao
, Zhenkai Liang

Research output: Journal Publications and Reviews › RGC 21 - Publication in refereed journal › peer-review

21 Citations (Scopus)

1 Downloads (CityUHK Scholars)

Abstract

JavaScript applications are widely used in a range of scenarios, including Web applications, mobile applications, and server-side applications. On one hand, due to its excellent cross-platform support, Javascript has become the core technology of social network platforms. On the other hand, the flexibility of the JavaScript language makes such applications prone to attacks that inject malicious behaviors. In this paper, we propose a detection technique to identify malicious behaviors in JavaScript applications. Our method models an application's normal behavior on function activation, which is used as a basis to detect attacks. We prototyped our solution on the popular JavaScript engine V8 and used it to detect attacks on the android system. Our evaluation shows the effectiveness of our approach in detecting injection attacks to JavaScript applications. © 2013 IEEE.

Original language	English
Pages (from-to)	12284-12294
Journal	IEEE Access
Volume	6
DOIs	https://doi.org/10.1109/ACCESS.2018.2795383
Publication status	Published - 17 Jan 2018
Externally published	Yes

Bibliographical note

Publication details (e.g. title, author(s), publication statuses and dates) are captured on an “AS IS” and “AS AVAILABLE” basis at the time of record harvesting from the data source. Suggestions for further amendments or supplementary information can be sent to [email protected].

Funding

This work was supported in part by the National Key Research and Development Program of China under Grant 2017YFB0802400, in part by the National Natural Science Foundation of China under Grant 61402029, Grant 61370190, and Grant 61379002, in part by the Singapore Ministry of Education under the National University of Singapore under Grant R-252-000-666-114, and in part by the Funding Project of Shanghai Key Laboratory of Integrated Administration Technologies for Information Security under Grant AGK201708.

Research Keywords

behavior anomaly detection
hybrid mobile app
JavaScript application

Publisher's Copyright Statement

COPYRIGHT TERMS OF DEPOSITED FINAL PUBLISHED VERSION FILE: © 2018 IEEE. Translations and content mining are permitted for academic research only. Personal use is also permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.

Access Output

10.1109/ACCESS.2018.2795383

382988088.pdfFinal Published version, 8.71 MB

Other Access Options

Check CityUHK Library

Permanent Link

Right click to copy link

Cite this

@article{8cd8612687f141c3b3f8f86a96fce691,

title = "Detecting Malicious Behaviors in JavaScript Applications",

abstract = "JavaScript applications are widely used in a range of scenarios, including Web applications, mobile applications, and server-side applications. On one hand, due to its excellent cross-platform support, Javascript has become the core technology of social network platforms. On the other hand, the flexibility of the JavaScript language makes such applications prone to attacks that inject malicious behaviors. In this paper, we propose a detection technique to identify malicious behaviors in JavaScript applications. Our method models an application's normal behavior on function activation, which is used as a basis to detect attacks. We prototyped our solution on the popular JavaScript engine V8 and used it to detect attacks on the android system. Our evaluation shows the effectiveness of our approach in detecting injection attacks to JavaScript applications. {\textcopyright} 2013 IEEE.",

keywords = "behavior anomaly detection, hybrid mobile app, JavaScript application",

author = "Jian Mao and Jingdong Bian and Guangdong Bai and Ruilong Wang and Yue Chen and Yinhao Xiao and Zhenkai Liang",

note = "Publication details (e.g. title, author(s), publication statuses and dates) are captured on an “AS IS” and “AS AVAILABLE” basis at the time of record harvesting from the data source. Suggestions for further amendments or supplementary information can be sent to [email protected].",

year = "2018",

month = jan,

day = "17",

doi = "10.1109/ACCESS.2018.2795383",

language = "English",

volume = "6",

pages = "12284--12294",

journal = "IEEE Access",

issn = "2169-3536",

publisher = "IEEE",

}

TY - JOUR

T1 - Detecting Malicious Behaviors in JavaScript Applications

AU - Mao, Jian

AU - Bian, Jingdong

AU - Bai, Guangdong

AU - Wang, Ruilong

AU - Chen, Yue

AU - Xiao, Yinhao

AU - Liang, Zhenkai

N1 - Publication details (e.g. title, author(s), publication statuses and dates) are captured on an “AS IS” and “AS AVAILABLE” basis at the time of record harvesting from the data source. Suggestions for further amendments or supplementary information can be sent to [email protected].

PY - 2018/1/17

Y1 - 2018/1/17

N2 - JavaScript applications are widely used in a range of scenarios, including Web applications, mobile applications, and server-side applications. On one hand, due to its excellent cross-platform support, Javascript has become the core technology of social network platforms. On the other hand, the flexibility of the JavaScript language makes such applications prone to attacks that inject malicious behaviors. In this paper, we propose a detection technique to identify malicious behaviors in JavaScript applications. Our method models an application's normal behavior on function activation, which is used as a basis to detect attacks. We prototyped our solution on the popular JavaScript engine V8 and used it to detect attacks on the android system. Our evaluation shows the effectiveness of our approach in detecting injection attacks to JavaScript applications. © 2013 IEEE.

AB - JavaScript applications are widely used in a range of scenarios, including Web applications, mobile applications, and server-side applications. On one hand, due to its excellent cross-platform support, Javascript has become the core technology of social network platforms. On the other hand, the flexibility of the JavaScript language makes such applications prone to attacks that inject malicious behaviors. In this paper, we propose a detection technique to identify malicious behaviors in JavaScript applications. Our method models an application's normal behavior on function activation, which is used as a basis to detect attacks. We prototyped our solution on the popular JavaScript engine V8 and used it to detect attacks on the android system. Our evaluation shows the effectiveness of our approach in detecting injection attacks to JavaScript applications. © 2013 IEEE.

KW - behavior anomaly detection

KW - hybrid mobile app

KW - JavaScript application

UR - https://www.scopus.com/pages/publications/85040927550

UR - https://www.scopus.com/record/pubmetrics.uri?eid=2-s2.0-85040927550&origin=recordpage

U2 - 10.1109/ACCESS.2018.2795383

DO - 10.1109/ACCESS.2018.2795383

M3 - RGC 21 - Publication in refereed journal

SN - 2169-3536

VL - 6

SP - 12284

EP - 12294

JO - IEEE Access

JF - IEEE Access

ER -

Detecting Malicious Behaviors in JavaScript Applications

Abstract

Bibliographical note

Funding

Research Keywords

Publisher's Copyright Statement

Access Output

Other Access Options

Permanent Link

Other Files and Links

Fingerprint

Cite this