Fakeium: A Dynamic Execution Environment for JavaScript Program Analysis
Salvato in:
| Pubblicato in: | arXiv.org (Oct 28, 2024), p. n/a |
|---|---|
| Autore principale: | |
| Altri autori: | , |
| Pubblicazione: |
Cornell University Library, arXiv.org
|
| Soggetti: | |
| Accesso online: | Citation/Abstract Full text outside of ProQuest |
| Tags: |
Nessun Tag, puoi essere il primo ad aggiungerne!!
|
MARC
| LEADER | 00000nab a2200000uu 4500 | ||
|---|---|---|---|
| 001 | 3121797049 | ||
| 003 | UK-CbPIL | ||
| 022 | |a 2331-8422 | ||
| 035 | |a 3121797049 | ||
| 045 | 0 | |b d20241028 | |
| 100 | 1 | |a José Miguel Moreno | |
| 245 | 1 | |a Fakeium: A Dynamic Execution Environment for JavaScript Program Analysis | |
| 260 | |b Cornell University Library, arXiv.org |c Oct 28, 2024 | ||
| 513 | |a Working Paper | ||
| 520 | 3 | |a The JavaScript programming language, which began as a simple scripting language for the Web, has become ubiquitous, spanning desktop, mobile, and server applications. This increase in usage has made JavaScript an attractive target for nefarious actors, resulting in the proliferation of malicious browser extensions that steal user information and supply chain attacks that target the official Node.js package registry. To combat these threats, researchers have developed specialized tools and frameworks for analyzing the behavior of JavaScript programs to detect malicious patterns. Static analysis tools typically struggle with the highly dynamic nature of the language and fail to process obfuscated sources, while dynamic analysis pipelines take several minutes to run and require more resources per program, making them unfeasible for large-scale analyses. In this paper, we present Fakeium, a novel, open source, and lightweight execution environment designed for efficient, large-scale dynamic analysis of JavaScript programs. Built on top of the popular V8 engine, Fakeium complements traditional static analysis by providing additional API calls and string literals that would otherwise go unnoticed without the need for resource-intensive instrumented browsers or synthetic user input. Besides its negligible execution overhead, our tool is highly customizable and supports hooks for advanced analysis scenarios such as network traffic emulation. Fakeium's flexibility and ability to detect hidden API calls, especially in obfuscated sources, highlights its potential as a valuable tool for security analysts to detect malicious behavior. | |
| 653 | |a Java | ||
| 653 | |a Application programming interface | ||
| 653 | |a Threat evaluation | ||
| 653 | |a Program verification (computers) | ||
| 653 | |a Static code analysis | ||
| 653 | |a Hooks | ||
| 653 | |a Communications traffic | ||
| 653 | |a JavaScript | ||
| 653 | |a Supply chains | ||
| 653 | |a Target detection | ||
| 700 | 1 | |a Vallina-Rodriguez, Narseo | |
| 700 | 1 | |a Tapiador, Juan | |
| 773 | 0 | |t arXiv.org |g (Oct 28, 2024), p. n/a | |
| 786 | 0 | |d ProQuest |t Engineering Database | |
| 856 | 4 | 1 | |3 Citation/Abstract |u https://www.proquest.com/docview/3121797049/abstract/embedded/ZKJTFFSVAI7CB62C?source=fedsrch |
| 856 | 4 | 0 | |3 Full text outside of ProQuest |u http://arxiv.org/abs/2410.20862 |