Detection of Unknown Malicious Scripts Using Static Analysis


KIPS Transactions on Computer and Communication Systems, Vol. 9, No. 5, pp. 765-774, Oct. 2002
DOI: 10.3745/KIPSTC.2002.9.5.765

Abstract

Static heuristic analysis is a widely used technique for detecting unknown malicious code. It judges whether code is malicious by searching for fragments that have frequently been found in known malicious code. For scripts, however, it searches for sequences of method calls rather than code fragments, because such fragments are much more difficult to find. This technique produces many false alarms, because the same method calls are also used in normal scripts. Static heuristics for scripts are therefore used only to detect malicious behavior consisting of specific method calls that are seldom used in normal scripts. In this paper, we propose a static analysis that detects malicious behavior more accurately by considering not only the method calls but also their parameters and return values. Experimental results show that malicious behaviors that were difficult to detect in previous work because of high false positives are detected by our method.
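The contrast the abstract draws can be shown with a small added illustration (not the paper's algorithm or code): a call-sequence heuristic next to a check that also follows parameters and return values. The two VBScript-like samples are constructed, and the behavior checked (a script copying its own file, one statement per line) is an assumption made for the example.

```python
import re

SELF_PATH = "WScript.ScriptFullName"  # property holding the running script's own path
ASSIGN = re.compile(r"^(?:Set\s+)?(\w+)\s*=\s*(.+)$", re.I)
CALL = re.compile(r"^(\w+)\.(\w+)\s*\(?\s*(.*?)\s*\)?$")

# Constructed sample scripts (VBScript-like), not taken from the paper.
BENIGN_BACKUP = r'''
Set fso = CreateObject("Scripting.FileSystemObject")
Set f = fso.GetFile("C:\data\report.txt")
f.Copy "C:\backup\report.txt"
'''
SELF_COPY = r'''
Set fso = CreateObject("Scripting.FileSystemObject")
scriptPath = WScript.ScriptFullName
Set f = fso.GetFile(scriptPath)
f.Copy "C:\backup\copy.vbs"
'''

def call_sequence_hit(script, sequence=("GetFile", "Copy")):
    """Baseline: the method names occur in this order; arguments are ignored."""
    names = iter(re.findall(r"\.(\w+)", script))
    return all(name in names for name in sequence)

def value_flow_hit(script):
    """Flag Copy only when its receiver was returned by GetFile(<own script path>)."""
    tags = {}  # variable -> abstract value: "self_path" or "self_file"
    for line in (l.strip() for l in script.strip().splitlines()):
        m = ASSIGN.match(line)
        target, expr = (m.group(1), m.group(2).strip()) if m else (None, line)
        tag = None
        call = CALL.match(expr)
        if expr == SELF_PATH:
            tag = "self_path"
        elif expr in tags:  # plain alias: b = a
            tag = tags[expr]
        elif call:
            recv, method, arg = call.groups()
            arg_tag = "self_path" if arg == SELF_PATH else tags.get(arg)
            if method == "GetFile" and arg_tag == "self_path":
                tag = "self_file"  # return value inherits meaning from the parameter
            elif method == "Copy" and tags.get(recv) == "self_file":
                return True
        if target:
            tags[target] = tag  # reassignment overwrites any earlier tag
    return False

if __name__ == "__main__":
    for name, src in (("benign", BENIGN_BACKUP), ("self-copy", SELF_COPY)):
        print(name, call_sequence_hit(src), value_flow_hit(src))
```

The call-sequence check fires on both samples, which is the false alarm the abstract describes; the value-flow check fires only on the script whose `Copy` receiver traces back to its own path.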



Cite this article
[IEEE Style]
S. U. Lee, B. W. Bae, H. J. Lee, E. S. Cho and M. P. Hong, "Detection of Unknown Malicious Scripts Using Static Analysis," KIPS Journal C (2001 ~ 2012), vol. 9, no. 5, pp. 765-774, 2002. DOI: 10.3745/KIPSTC.2002.9.5.765.

[ACM Style]
Seong Uck Lee, Byung Woo Bae, Hyong Joon Lee, Eun Sun Cho, and Man Pyo Hong. 2002. Detection of Unknown Malicious Scripts Using Static Analysis. KIPS Journal C (2001 ~ 2012), 9, 5, (2002), 765-774. DOI: 10.3745/KIPSTC.2002.9.5.765.