Evasion attacks against statistical code obfuscation detectors

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

In the domain of information security, code obfuscation is a feature often employed for malicious purposes. For example, there have been quite a few papers reporting that obfuscated JavaScript frequently comes with malicious functionality such as redirecting to external malicious websites. In order to capture such obfuscation, a class of detectors based on statistical features of code, mostly n-grams, has been proposed and claimed to achieve high detection accuracy. In this paper, we formalize a common scenario between defenders who maintain the statistical obfuscation detectors and adversaries who want to evade the detection. Accordingly, we create two kinds of evasion attack methods and evaluate the robustness of statistical detectors under such attacks. Experimental results show that statistical obfuscation detectors can be easily fooled by a sophisticated adversary even in worst-case scenarios.

Original language: English
Title of host publication: Advances in Information and Computer Security - 12th International Workshop on Security, IWSEC 2017, Proceedings
Editors: Satoshi Obana, Koji Chida
Publisher: Springer Verlag
Pages: 121-137
Number of pages: 17
ISBN (Print): 9783319641997
Publication status: Published - Jan 1 2017
Event: 12th International Workshop on Security, IWSEC 2017 - Hiroshima, Japan
Duration: Aug 30 2017 to Sep 1 2017

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 10418 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Other

Other: 12th International Workshop on Security, IWSEC 2017
Country: Japan
City: Hiroshima
Period: 8/30/17 to 9/1/17

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • Computer Science (all)
