Research Article
JSGuard: Shellcode Detection in JavaScript
@INPROCEEDINGS{10.1007/978-3-642-36883-7_8, author={Boxuan Gu and Wenbin Zhang and Xiaole Bai and Adam Champion and Feng Qin and Dong Xuan}, title={JSGuard: Shellcode Detection in JavaScript}, proceedings={Security and Privacy in Communication Networks. 8th International ICST Conference, SecureComm 2012, Padua, Italy, September 3-5, 2012. Revised Selected Papers}, proceedings_a={SECURECOMM}, year={2013}, month={2}, keywords={malicious JavaScript code shellcode detection web security intrusion detection browser security}, doi={10.1007/978-3-642-36883-7_8} }- Boxuan Gu
Wenbin Zhang
Xiaole Bai
Adam Champion
Feng Qin
Dong Xuan
Year: 2013
JSGuard: Shellcode Detection in JavaScript
SECURECOMM
Springer
DOI: 10.1007/978-3-642-36883-7_8
Abstract
JavaScript (JS) based shellcode injections are among the most dangerous attacks to computer systems. Existing approaches have various limitations in detecting such attacks. In this paper, we propose a new detection methodology that overcomes these limitations by fully using JS code execution environment information. We leverage this information and create a virtual execution environment where shellcodes’ real behavior can be precisely monitored and detection redundancy can be reduced. Following this methodology, we implement , a prototype malicious JS code detection system in Debian Linux with kernel version 2.6.26. Our extensive experiments show that JSGuard reports very few false positives and false negatives with acceptable overhead.