Detection of Unknown Malicious Scripts Using Static Analysis 


Vol. 9, No. 5, pp. 765-774, Oct. 2002
DOI: 10.3745/KIPSTC.2002.9.5.765


  Abstract

Static heuristic analysis of code is a widely used technique for detecting unknown malicious code. It judges whether code is malicious by searching for fragments that have frequently been found in known malicious code. For script code, however, it searches for sequences of method calls rather than code fragments, because finding such fragments is much more difficult. This technique produces many false alarms because the same method calls can also be used in normal scripts. Thus, static heuristics for scripts are used only to detect malicious behavior consisting of specific method calls that are seldom used in normal scripts. In this paper, we suggest a static analysis that can detect malicious behavior more accurately by considering not only the method calls but also their parameters and return values. Experimental results show that malicious behaviors that were difficult to detect with previous approaches because of high false-positive rates are detected by our method.
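The contrast the abstract draws can be shown on a small case. The following is an added illustration, not the paper's algorithm or code: it assumes a self-copy behavior built from the VBScript `GetFile` and `Copy` methods, and the sample scripts and function names are constructed for this example.

```python
import re

# Constructed VBScript samples (not from the paper); both call GetFile, then Copy.
BENIGN = r'''
Set fso = CreateObject("Scripting.FileSystemObject")
logName = WScript.ScriptFullName
Set f = fso.GetFile("C:\reports\today.txt")
f.Copy "D:\backup\today.txt"
'''
SELF_COPY = r'''
Set fso = CreateObject("Scripting.FileSystemObject")
p = WScript.ScriptFullName
Set c = fso.GetFile(p)
c.Copy "C:\temp\copy.vbs"
'''

ASSIGN = re.compile(r'^\s*(?:Set\s+)?(\w+)\s*=\s*(.+)$', re.I)
GETFILE_ARG = re.compile(r'\.getfile\s*\(\s*([^)]*?)\s*\)')
COPY_CALL = re.compile(r'^\s*(\w+)\.Copy\b', re.I)
OWN_PATH = 'wscript.scriptfullname'

def calls_only(script):
    """Baseline heuristic: flag when .GetFile is followed by .Copy."""
    s = script.lower()
    i = s.find('.getfile')
    return i != -1 and s.find('.copy', i) != -1

def with_dataflow(script):
    """Flag only when the script's own path is the GetFile parameter and
    Copy is invoked on the object that GetFile returned.
    Handles simple one-statement-per-line assignments only."""
    path_vars, self_files = set(), set()
    for line in script.splitlines():
        m = ASSIGN.match(line)
        if m:
            var, rhs = m.group(1).lower(), m.group(2).strip().lower()
            arg = GETFILE_ARG.search(rhs)
            if arg and (arg.group(1) == OWN_PATH or arg.group(1) in path_vars):
                self_files.add(var)      # return value refers to this script
            elif rhs == OWN_PATH or rhs in path_vars:
                path_vars.add(var)       # variable holds this script's path
            continue
        c = COPY_CALL.match(line)
        if c and c.group(1).lower() in self_files:
            return True
    return False
```

The call-sequence heuristic flags both samples, while the version that follows parameters and return values flags only the script that copies itself.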

  Cite this article

[IEEE Style]

S. U. Lee, B. W. Bae, H. J. Lee, E. S. Cho, M. P. Hong, "Detection of Unknown Malicious Scripts Using Static Analysis," The KIPS Transactions:PartC, vol. 9, no. 5, pp. 765-774, 2002. DOI: 10.3745/KIPSTC.2002.9.5.765.

[ACM Style]

Seong Uck Lee, Byung Woo Bae, Hyong Joon Lee, Eun Sun Cho, and Man Pyo Hong. 2002. Detection of Unknown Malicious Scripts Using Static Analysis. The KIPS Transactions:PartC, 9, 5, (2002), 765-774. DOI: 10.3745/KIPSTC.2002.9.5.765.