Cardiff University | Prifysgol Caerdydd ORCA
Online Research @ Cardiff 

Looking for criminal intents in javascript obfuscated code

Cerutti, Federico ORCID: https://orcid.org/0000-0003-0755-0358, di San Pietro, Daniele Barattieri, Gringoli, Francesco and Lamperti, Gianfranco 2022. Looking for criminal intents in javascript obfuscated code. Procedia Computer Science 207, pp. 867-876. 10.1016/j.procs.2022.09.142

PDF - Published Version
Available under License Creative Commons Attribution Non-commercial No Derivatives.

Abstract

The majority of websites incorporate JavaScript for client-side execution in a supposedly protected environment. Unfortunately, JavaScript has also proven to be a critical attack vector for both independent and state-sponsored groups of hackers. On the one hand, defenders need to analyze scripts to ensure that no threat is delivered and to respond to potential security incidents. On the other, attackers aim to obfuscate the source code in order to disorient the defenders or even to make code analysis practically impossible. Since code obfuscation may also be adopted by companies for legitimate intellectual-property protection, a dilemma remains on whether a script is harmless or malignant, if not criminal. To help analysts deal with such a dilemma, a methodology is proposed, called JACOB, which is based on five steps, namely: (1) source code parsing, (2) control flow graph recovery, (3) region identification, (4) code structuring, and (5) partial evaluation. These steps implement a sort of decompilation for control flow flattened code, which is progressively transformed into something that is close to the original JavaScript source, thereby making eventual code analysis possible. Most relevantly, JACOB has been successfully applied to uncover unwanted user tracking and fingerprinting in e-commerce websites operated by a well-known Chinese company.

Item Type: Article
Date Type: Published Online
Status: Published
Schools: Computer Science & Informatics
Publisher: Elsevier
ISSN: 1877-0509
Date of First Compliant Deposit: 17 January 2023
Last Modified: 12 May 2023 04:57
URI: https://orca.cardiff.ac.uk/id/eprint/155847
