TY - GEN
T1 - Evasion attacks against statistical code obfuscation detectors
AU - Su, Jiawei
AU - Vargas, Danilo Vasconcellos
AU - Sakurai, Kouichi
N1 - Funding Information:
Acknowledgement. This research was partially supported by Collaboration Hubs for International Program (CHIRP) of SICORP, Japan Science and Technology Agency (JST). The authors would like to thank the referees and reviewers for their valuable comments and suggestions to improve the quality of the paper.
Publisher Copyright:
© Springer International Publishing AG 2017.
Copyright:
Copyright 2017 Elsevier B.V., All rights reserved.
PY - 2017
Y1 - 2017
AB - In the domain of information security, code obfuscation is a feature often employed for malicious purposes. For example, there have been quite a few papers reporting that obfuscated JavaScript frequently comes with malicious functionality such as redirecting to external malicious websites. In order to capture such obfuscation, a class of detectors based on statistical features of code, mostly n-grams, has been proposed and claimed to achieve high detection accuracy. In this paper, we formalize a common scenario between defenders who maintain the statistical obfuscation detectors and adversaries who want to evade the detection. Accordingly, we create two kinds of evasion attack methods and evaluate the robustness of statistical detectors under such attacks. Experimental results show that statistical obfuscation detectors can be easily fooled by a sophisticated adversary even in worst-case scenarios.
UR - http://www.scopus.com/inward/record.url?scp=85028466119&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85028466119&partnerID=8YFLogxK
U2 - 10.1007/978-3-319-64200-0_8
DO - 10.1007/978-3-319-64200-0_8
M3 - Conference contribution
AN - SCOPUS:85028466119
SN - 9783319641997
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 121
EP - 137
BT - Advances in Information and Computer Security - 12th International Workshop on Security, IWSEC 2017, Proceedings
A2 - Obana, Satoshi
A2 - Chida, Koji
PB - Springer Verlag
T2 - 12th International Workshop on Security, IWSEC 2017
Y2 - 30 August 2017 through 1 September 2017
ER -