View article

Web browsers are often used as a popular means for compromising Internet hosts. An attacker may inject a JavaScript malware into a web page. When a victim visits this page, the malware is executed and attempts to exploit a specific browser vulnerability or download an unwanted program. Obfuscated JavaScript malware can easily evade signature-based detection by changing the appearance of JavaScript code. To address this problem, some previous studies have used static analysis in which some features are extracted from both benign and malicious web pages, and then a classifier is trained to distinguish between them. Because nowadays benign JavaScript code is often obfuscated, static analysis techniques generate many false alarms. In this paper, we use dynamic analysis to monitor a web page for detecting obfuscated JavaScript malware. We first load a set of malicious web pages in a real web …