• KSII Transactions on Internet and Information Systems
    Monthly Online Journal (eISSN: 1976-7277)

JsSandbox: A Framework for Analyzing the Behavior of Malicious JavaScript Code using Internal Function Hooking

Vol. 6, No.2, February 28, 2012
10.3837/tiis.2012.02.019, Download Paper (Free):

Abstract

Recently, many malicious users have attacked web browsers using JavaScript code that can execute dynamic actions within the browsers. By forcing the browser to execute malicious JavaScript code, the attackers can steal personal information stored in the system, allow malware program downloads in the client’s system, and so on. In order to reduce damage, malicious web pages must be located prior to general users accessing the infected pages. In this paper, a novel framework (JsSandbox) that can monitor and analyze the behavior of malicious JavaScript code using internal function hooking (IFH) is proposed. IFH is defined as the hooking of all functions in the modules using the debug information and extracting the parameter values. The use of IFH enables the monitoring of functions that API hooking cannot. JsSandbox was implemented based on a debugger engine, and some features were applied to detect and analyze malicious JavaScript code: detection of obfuscation, deobfuscation of the obfuscated string, detection of URLs related to redirection, and detection of exploit codes. Then, the proposed framework was analyzed for specific features, and the results demonstrate that JsSandbox can be applied to the analysis of the behavior of malicious web pages.


Statistics

Show / Hide Statistics

Statistics (Cumulative Counts from December 1st, 2015)
Multiple requests among the same browser session are counted as one view.
If you mouse over a chart, the values of data points will be shown.


Cite this article

[IEEE Style]
Hyoung Chun Kim, Young Han Choi and Dong Hoon Lee, "JsSandbox: A Framework for Analyzing the Behavior of Malicious JavaScript Code using Internal Function Hooking," KSII Transactions on Internet and Information Systems, vol. 6, no. 2, pp. 766-783, 2012. DOI: 10.3837/tiis.2012.02.019

[ACM Style]
Kim, H. C., Choi, Y. H., and Lee, D. H. 2012. JsSandbox: A Framework for Analyzing the Behavior of Malicious JavaScript Code using Internal Function Hooking. KSII Transactions on Internet and Information Systems, 6, 2, (2012), 766-783. DOI: 10.3837/tiis.2012.02.019