Static Semantics Reconstruction for Enhancing JavaScript-WebAssembly Multilingual Malware Detection
Guardado en:
| Udgivet i: | arXiv.org (Apr 19, 2024), p. n/a |
|---|---|
| Hovedforfatter: | |
| Andre forfattere: | , , , , |
| Udgivet: |
Cornell University Library, arXiv.org
|
| Fag: | |
| Online adgang: | Citation/Abstract Full text outside of ProQuest |
| Tags: |
Ingen Tags, Vær først til at tagge denne postø!
|
MARC
| LEADER | 00000nab a2200000uu 4500 | ||
|---|---|---|---|
| 001 | 2882598871 | ||
| 003 | UK-CbPIL | ||
| 022 | |a 2331-8422 | ||
| 035 | |a 2882598871 | ||
| 045 | 0 | |b d20240419 | |
| 100 | 1 | |a Xia, Yifan | |
| 245 | 1 | |a Static Semantics Reconstruction for Enhancing JavaScript-WebAssembly Multilingual Malware Detection | |
| 260 | |b Cornell University Library, arXiv.org |c Apr 19, 2024 | ||
| 513 | |a Working Paper | ||
| 520 | 3 | |a The emergence of WebAssembly allows attackers to hide the malicious functionalities of JavaScript malware in cross-language interoperations, termed JavaScript-WebAssembly multilingual malware (JWMM). However, existing anti-virus solutions based on static program analysis are still limited to monolingual code. As a result, their detection effectiveness decreases significantly against JWMM. The detection of JWMM is challenging due to the complex interoperations and semantic diversity between JavaScript and WebAssembly. To bridge this gap, we present JWBinder, the first technique aimed at enhancing the static detection of JWMM. JWBinder performs a language-specific data-flow analysis to capture the cross-language interoperations and then characterizes the functionalities of JWMM through a unified high-level structure called Inter-language Program Dependency Graph. The extensive evaluation on one of the most representative real-world anti-virus platforms, VirusTotal, shows that \system effectively enhances anti-virus systems from various vendors and increases the overall successful detection rate against JWMM from 49.1\% to 86.2\%. Additionally, we assess the side effects and runtime overhead of JWBinder, corroborating its practical viability in real-world applications. | |
| 653 | |a Computer viruses | ||
| 653 | |a Side effects | ||
| 653 | |a Program verification (computers) | ||
| 653 | |a Semantics | ||
| 653 | |a Malware | ||
| 653 | |a Multilingualism | ||
| 653 | |a System effectiveness | ||
| 653 | |a Anti-virus software | ||
| 653 | |a JavaScript | ||
| 653 | |a Data flow analysis | ||
| 700 | 1 | |a He, Ping | |
| 700 | 1 | |a Zhang, Xuhong | |
| 700 | 1 | |a Liu, Peiyu | |
| 700 | 1 | |a Ji, Shouling | |
| 700 | 1 | |a Wang, Wenhai | |
| 773 | 0 | |t arXiv.org |g (Apr 19, 2024), p. n/a | |
| 786 | 0 | |d ProQuest |t Engineering Database | |
| 856 | 4 | 1 | |3 Citation/Abstract |u https://www.proquest.com/docview/2882598871/abstract/embedded/ZKJTFFSVAI7CB62C?source=fedsrch |
| 856 | 4 | 0 | |3 Full text outside of ProQuest |u http://arxiv.org/abs/2310.17304 |