Evasion attacks against statistical code obfuscation detectors

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

In the domain of information security, code obfuscation is a feature often employed for malicious purposes. For example, quite a few papers have reported that obfuscated JavaScript frequently comes with malicious functionality, such as redirecting to external malicious websites. To capture such obfuscation, a class of detectors based on statistical features of code, mostly n-grams, has been proposed and claimed to achieve high detection accuracy. In this paper, we formalize a common scenario between defenders who maintain the statistical obfuscation detectors and adversaries who want to evade detection. Accordingly, we create two kinds of evasion attack methods and evaluate the robustness of statistical detectors under such attacks. Experimental results show that statistical obfuscation detectors can be easily fooled by a sophisticated adversary even in worst case scenarios.

Original language: English
Title of host publication: Advances in Information and Computer Security - 12th International Workshop on Security, IWSEC 2017, Proceedings
Editors: Satoshi Obana, Koji Chida
Publisher: Springer Verlag
Pages: 121-137
Number of pages: 17
ISBN (Print): 9783319641997
DOIs: https://doi.org/10.1007/978-3-319-64200-0_8
Publication status: Published - Jan 1 2017
Event: 12th International Workshop on Security, IWSEC 2017 - Hiroshima, Japan
Duration: Aug 30 2017 → Sep 1 2017

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 10418 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Other

Other: 12th International Workshop on Security, IWSEC 2017
Country: Japan
City: Hiroshima
Period: 8/30/17 → 9/1/17

Fingerprint

Obfuscation
Detector
Attack
Detectors
JavaScript
Scenarios
N-gram
Information Security
Security of data
Websites
Robustness
Evaluate
Experimental Results

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • Computer Science(all)

Cite this

Su, J., Vargas, D. V., & Sakurai, K. (2017). Evasion attacks against statistical code obfuscation detectors. In S. Obana, & K. Chida (Eds.), Advances in Information and Computer Security - 12th International Workshop on Security, IWSEC 2017, Proceedings (pp. 121-137). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10418 LNCS). Springer Verlag. https://doi.org/10.1007/978-3-319-64200-0_8

@inproceedings{a0004562c2db49d4b6acdfd14598d376,
title = "Evasion attacks against statistical code obfuscation detectors",
author = "Jiawei Su and Vargas, {Danilo Vasconcellos} and Kouichi Sakurai",
year = "2017",
month = "1",
day = "1",
doi = "10.1007/978-3-319-64200-0_8",
language = "English",
isbn = "9783319641997",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
publisher = "Springer Verlag",
pages = "121--137",
editor = "Satoshi Obana and Koji Chida",
booktitle = "Advances in Information and Computer Security - 12th International Workshop on Security, IWSEC 2017, Proceedings",
address = "Germany",

}
