research-article

An Empirical Study on the Effects of Obfuscation on Static Machine Learning-Based Malicious JavaScript Detectors

Authors:

Weizhong Qiang,

Hai JinAuthors Info & Claims

ISSTA 2023: Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis

Pages 1420 - 1432

https://doi.org/10.1145/3597926.3598146

Published: 13 July 2023 Publication History

Abstract

Machine learning is increasingly being applied to malicious JavaScript detection in response to the growing number of Web attacks and the attendant costly manual identification. In practice, to hide their malicious behaviors or protect intellectual copyrights, both malicious and benign scripts tend to obfuscate their own code before uploading. While obfuscation is beneficial, it also introduces some additional code features (e.g., dead code) into the code. When machine learning is employed to learn a malicious JavaScript detector, these additional features can affect the model to make it less effective. However, there is still a lack of clear understanding of how robust existing machine learning-based detectors are on different obfuscators. In this paper, we conduct the first empirical study to figure out how obfuscation affects machine learning detectors based on static features. Through the results, we observe several findings: 1) Obfuscation has a significant impact on the effectiveness of detectors, causing an increase both in false negative rate (FNR) and false positive rate (FPR), and the bias of obfuscation in the training set induces detectors to detect obfuscation rather than malicious behaviors. 2) The common measures such as improving the quality of the training set by adding relevant obfuscated samples and leveraging state-of-the-art deep learning models can not work well.3) The root cause of obfuscation effects on these detectors is that feature spaces they use can only reflect shallow differences in code, not about the nature of benign and malicious, which can be easily affected by the differences brought by obfuscation. 4) Obfuscation has a similar effect on realistic detectors in VirusTotal, indicating that this is a common real-world problem.

References

[1]

2023. Atom: A Hackable Text Editor for the 21st Century. https://atom.io/

[2]

2023. AV Comparative Analyses. https://blog.virustotal.com/ 2012 /08/avcomparative-analyses-marketing-and.html

[3]

2023. Closure-compiler. https://github.com/google/closure-compiler

[4]

2023. Closure Compiler: Advanced Compilation. https://developers.google.com/ closure/compiler/docs/api-tutorial3

[5]

2023. CodeBERT. https://github.com/microsoft/CodeBERT

[6]

2023. German Federal Ofice for Information Security. https://www.bsi.bund.de/ EN

[7]

2023. Gnirts: Obfuscate String Literals in JavaScript Code. https://github.com/ anseki/gnirts

[8]

2023. JaSt-JS AST-Based Analysis. https://github.com/Aurore54F/JaSt

[9]

2023. JavaScript Malware Collection. https://github.com/HynekPetrak/ javascript-malware-collection

[10]

2023. JavaScript-obfuscator: A Powerful Obfuscator for JavaScript and Node.js. https://github.com/javascript-obfuscator/javascript-obfuscator

[11]

2023. JavaScript Reference. https://developer.mozilla.org/en-US/docs/Web/ JavaScript/Reference

[12]

2023. JSObfu: Obfuscate JavaScript (Beyond Repair) with Ruby. https://github. com/rapid7/jsobfu

[13]

2023. JStap: A Static Pre-Filter for Malicious JavaScript Detection. https: //github.com/Aurore54F/JStap

[14]

2023. Lexical-jsdetector. https://github.com/Aurore54F/lexical-jsdetector

[15]

2023. Malicious JavaScript Dataset. https://github.com/geeksonsecurity/jsmalicious-dataset

[16]

2023. Malware with Your Mocha: Obfuscation and Anti Emulation Tricks in Malicious JavaScript. https://www.yumpu.com/s/0PX6x19R5gw0KWvt

[17]

2023. MDNC-Malware Don't Need Cofee. https://malware.dontneedcofee.com/

[18]

2023. Microsoft Digital Defense Report. https://query.prod.cms.rt.microsoft. com/cms/api/am/binary/RWMFIi

[19]

2023. Online JavaScript Minifier Tool and Compressor, with Fast and Simple API Access. https://www.toptal.com/developers/javascript-minifier

[20]

2023. Scikit-learn: Machine Learning in Python. https://scikit-learn.org/stable/

[21]

2023. Syntactic-jsdetector. https://github.com/Aurore54F/syntactic-jsdetector

[22]

2023. VirusTotal-Analyze Suspicious Files and URLs to Detect Types of Malware. https://www.virustotal.com/

[23]

Ismail Adel Al-Taharwa, Hahn-Ming Lee, Albert B. Jeng, Kuo-Ping Wu, ChengSeen Ho, and Shyi-Ming Chen. 2015. JSOD: JavaScript Obfuscation Detector. Secur. Commun. Networks 8, 6 ( 2015 ), 1092-1107. https://doi.org/10.1002/sec.1064

Digital Library

[24]

Ammar Alazab, Ansam Khraisat, Moutaz Alazab, and Sarabjot Singh. 2022. Detection of Obfuscated Malicious JavaScript Code. Future Internet 14, 8 ( 2022 ), 217. https://doi.org/10.3390/fi14080217

[25]

Mohamed Alsharnouby, Furkan Alaca, and Sonia Chiasson. 2015. Why Phishing Still Works: User Strategies for Combating Phishing Attacks. International Journal of Human-Computer Studies 82 ( 2015 ), 69-82. https://doi.org/10.1016/j.ijhcs. 2015. 05.005

[26]

Fraser Brown, Shravan Narayan, Riad S. Wahby, Dawson Engler, Ranjit Jhala, and Deian Stefan. 2017. Finding and Preventing Bugs in JavaScript Bindings. In Proceedings of the 38th IEEE Symposium on Security and Privacy (SP'17). 559-578. https://doi.org/10.1109/SP. 2017.68

[27]

Davide Canali, Marco Cova, Giovanni Vigna, and Christopher Kruegel. 2011. Prophiler: A Fast Filter for the Large-scale Detection of Malicious Web Pages. In Proceedings of the 20th International Conference on World Wide Web (WWW'11). 197-206. https://doi.org/10.1145/1963405.1963436

Digital Library

[28]

Mariano Ceccato, Andrea Capiluppi, Paolo Falcarin, and Cornelia Boldyref. 2015. A Large Study on the Efect of Code Obfuscation on the Quality of Java Code. Empirical Software Engineering 20 ( 2015 ), 1486-1524. https://doi.org/10.1007/ s10664-014-9321-0

Digital Library

[29]

Marco Cova, Christopher Kruegel, and Giovanni Vigna. 2010. Detection and Analysis of Drive-by-download Attacks and Malicious JavaScript Code. In Proceedings of the 19th International Conference on World Wide Web (WWW'10). 281-290. https://doi.org/10.1145/1772690.1772720

Digital Library

[30]

Charlie Curtsinger, Benjamin Livshits, Benjamin G. Zorn, and Christian Seifert. 2011. ZOZZLE: Fast and Precise In-Browser JavaScript Malware Detection. In Proceedings of the 20th USENIX Security Symposium.

[31]

Steven Englehardt and Arvind Narayanan. 2016. Online Tracking: A 1-million-site Measurement and Analysis. In Proceedings of the 23rd ACM SIGSAC Conference on Computer and Communications Security (CCS'16). 1388-1401. https://doi.org/ 10.1145/2976749.2978313

Digital Library

[32]

Yong Fang, Cheng Huang, Yu Su, and Yaoyao Qiu. 2020. Detecting Malicious JavaScript Code Based on Semantic Analysis. Computers & Security 93 ( 2020 ), 101764. https://doi.org/10.1016/j.cose. 2020.101764

[33]

Yong Fang, Chaoyi Huang, Minchuan Zeng, Zhiying Zhao, and Cheng Huang. 2022. JStrong: Malicious JavaScript Detection Based on Code Semantic Representation and Graph Neural Network. Computers & Security 118 ( 2022 ), 102715. https://doi.org/10.1016/j.cose. 2022.102715

[34]

Aurore Fass, Michael Backes, and Ben Stock. 2019. Hidenoseek: Camouflaging Malicious JavaScript in Benign ASTs. In Proceedings of the 26th ACM SIGSAC Conference on Computer and Communications Security (CCS'19). 1899-1913. https: //doi.org/10.1145/3319535.3345656

Digital Library

[35]

Aurore Fass, Michael Backes, and Ben Stock. 2019. JStap: A Static Pre-filter for Malicious JavaScript Detection. In Proceedings of the 35th Annual Computer Security Applications Conference, (ACSAC'19). 257-269. https://doi.org/10.1145/ 3359789.3359813

Digital Library

[36]

Aurore Fass, Robert P. Krawczyk, Michael Backes, and Ben Stock. 2018. JaSt: Fully Syntactic Detection of Malicious (Obfuscated) JavaScript. In Proceedings of the 15th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA'18), Vol. 10885. 303-325. https://doi.org/10.1007/978-3-319-93411-2_14

[37]

Zhangyin Feng, Daya Guo, Duyu Tang, Nan Duan, Xiaocheng Feng, Ming Gong, Linjun Shou, Bing Qin, Ting Liu, Daxin Jiang, and Ming Zhou. 2020. CodeBERT: A Pre-Trained Model for Programming and Natural Languages. In Findings of the Association for Computational Linguistics: EMNLP 2020. 1536-1547. https: //doi.org/10.18653/v1/ 2020.findings-emnlp. 139

[38]

Alejandro Gómez-Boix, Pierre Laperdrix, and Benoit Baudry. 2018. Hiding in the Crowd: An Analysis of the Efectiveness of Browser Fingerprinting at Large Scale. In Proceedings of the 27th International Conference on World Wide Web (WWW'18). 309-318. https://doi.org/10.1145/3178876.3186097

Digital Library

[39]

Daya Guo, Shuai Lu, Nan Duan, Yanlin Wang, Ming Zhou, and Jian Yin. 2022. UniXcoder: Unified Cross-Modal Pre-training for Code Representation. In Proceedings of the 60th Annual Meeting of the Association for Computational Linguistics (ACL'22). 7212-7225. https://doi.org/10.18653/v1/ 2022. acl-long.499

[40]

Daya Guo, Shuo Ren, Shuai Lu, Zhangyin Feng, Duyu Tang, Shujie Liu, Long Zhou, Nan Duan, Alexey Svyatkovskiy, Shengyu Fu, Michele Tufano, Shao Kun Deng, Colin B. Clement, Dawn Drain, Neel Sundaresan, Jian Yin, Daxin Jiang, and Ming Zhou. 2021. GraphCodeBERT: Pre-training Code Representations with Data Flow. In Proceedings of the 9th International Conference on Learning Representations (ICLR'21).

[41]

Mahmoud Hammad, Joshua Garcia, and Sam Malek. 2018. A Large-scale Empirical Study on the Efects of Code Obfuscations on Android Apps and Anti-malware Products. In Proceedings of the 40th International Conference on Software Engineering (ICSE'18). 421-431. https://doi.org/10.1145/3180155.3180228

Digital Library

[42]

Yunhua Huang, Tao Li, Lijia Zhang, Beibei Li, and Xiaojie Liu. 2021. JSContana: Malicious JavaScript Detection Using Adaptable Context Analysis and Key Feature Extraction. Computers & Security 104 ( 2021 ), 102218. https: //doi.org/10.1016/j.cose. 2021.102218

[43]

Shin-Jia Hwang and Tzu-Ping Chen. 2023. A Detector Using Variant Stacked Denoising Autoencoders with Logistic Regression for Malicious JavaScript with Obfuscations. In Proceedings of the 25th International Computer Symposium (ICS'22). 374-386. https://doi.org/10.1007/ 978-981-19-9582-8_33

[44]

Luca Invernizzi, Paolo Milani Comparetti, Stefano Benvenuti, Christopher Kruegel, Marco Cova, and Giovanni Vigna. 2012. Evilseed: A Guided Approach to Finding Malicious Web Pages. In Proceedings of the 33rd IEEE Symposium on Security and Privacy (SP'12). 428-442. https://doi.org/10.1109/SP. 2012.33

[45]

Scott Kaplan, Benjamin Livshits, Benjamin Zorn, Christian Siefert, and Charlie Curtsinger. 2011. " NOFUS: Automatically Detecting"+ String. fromCharCode (32)+" ObFuSCateD". toLowerCase ()+" JavaScript Code. Technical report, Technical Report MSR-TR 2011-57, Microsoft Research ( 2011 ).

[46]

Debabrata Kar, Suvasini Panigrahi, and Srikanth Sundararajan. 2016. SQLiGoT: Detecting SQL Injection Attacks Using Graph of Tokens and SVM. Computers & Security 60 ( 2016 ), 206-225. https://doi.org/10.1016/j.cose. 2016. 04.005

[47]

Kyungtae Kim, I Luk Kim, Chung Hwan Kim, Yonghwi Kwon, Yunhui Zheng, Xiangyu Zhang, and Dongyan Xu. 2017. J-force: Forced Execution on JavaScript. In Proceedings of the 26th International Conference on World Wide Web (WWW'17). 897-906. https://doi.org/10.1145/3038912.3052674

Digital Library

[48]

Thomas N. Kipf and Max Welling. 2016. Semi-supervised Classification with Graph Convolutional Networks. arXiv preprint arXiv:1609.02907 ( 2016 ). http://arxiv.org/abs/1609.02907

[49]

Clemens Kolbitsch, Benjamin Livshits, Benjamin Zorn, and Christian Seifert. 2012. Rozzle: De-cloaking Internet Malware. In Proceedings of the 33rd IEEE Symposium on Security and Privacy (SP'12). 443-457. https://doi.org/10.1109/SP. 2012.48

[50]

Radhesh Krishnan Konoth, Emanuele Vineti, Veelasha Moonsamy, Martina Lindorfer, Christopher Kruegel, Herbert Bos, and Giovanni Vigna. 2018. Minesweeper: An In-depth Look into Drive-by Cryptocurrency Mining and Its Defense. In Proceedings of the 25th ACM SIGSAC Conference on Computer and Communications Security (CCS'18). 1714-1730. https://doi.org/10.1145/3243734.3243858

Digital Library

[51]

Pavel Laskov and Nedim Srndic. 2011. Static Detection of Malicious JavaScriptbearing PDF Documents. In Proceedings of the 27th Annual Computer Security Applications Conference (ACSAC'11). 373-382. https://doi.org/10.1145/2076732. 2076785

Digital Library

[52]

Peter Likarish, Eunjin Jung, and Insoon Jo. 2009. Obfuscated Malicious JavaScript Detection Using Classification Techniques. In Proceedings of the 4th International Conference on Malicious and Unwanted Software (MALWARE'09). 47-54. https: //doi.org/10.1109/MALWARE. 2009.5403020

[53]

Marvin Moog, Markus Demmel, Michael Backes, and Aurore Fass. 2021. Statically Detecting JavaScript Obfuscation and Minification Techniques in the Wild. In Proceedings of the 51st Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN'21). 569-580. https://doi.org/10.1109/DSN48987. 2021. 00065

[54]

Samuel Ndichu, Sangwook Kim, Seiichi Ozawa, Takeshi Misu, and Kazuo Makishima. 2019. A Machine Learning Approach to Detection of JavaScript-based Attacks Using AST Features and Paragraph Vectors. Applied Soft Computing 84 ( 2019 ), 105721. https://doi.org/10.1016/j.asoc. 2019.105721

[55]

Victor Le Pochat, Tom van Goethem, Samaneh Tajalizadehkhoob, Maciej Korczynski, and Wouter Joosen. 2019. Tranco: A Research-Oriented Top Sites Ranking Hardened Against Manipulation. In Proceedings of the 26th Annual Network and Distributed System Security Symposium (NDSS'19).

[56]

Paruj Ratanaworabhan, V. Benjamin Livshits, and Benjamin G. Zorn. 2009. NOZZLE: A Defense Against Heap-spraying Code Injection Attacks. In Proceedings of the 18th USENIX Security Symposium. 169-186.

[57]

Veselin Raychev, Pavol Bielik, Martin Vechev, and Andreas Krause. 2016. Learning Programs from Noisy Data. ACM Sigplan Notices 51, 1 ( 2016 ), 761-774. https: //doi.org/10.1145/2837614.2837671

Digital Library

[58]

Kunlun Ren. 2023. Artifacts for the ISSTA 2023 Paper: An Empirical Study on the Efects of Obfuscation on Static Machine Learning-based Malicious JavaScript Detectors. https://doi.org/10.5281/zenodo.7977493

Digital Library

[59]

Konrad Rieck, Tammo Krueger, and Andreas Dewald. 2010. Cujo: Eficient Detection and Prevention of Drive-by-download Attacks. In Proceedings of the 26th Annual Computer Security Applications Conference (ACSAC'10). 31-39. https: //doi.org/10.1145/1920261.1920267

Digital Library

[60]

Alan Romano, Daniel Lehmann, Michael Pradel, and Weihang Wang. 2022. Wobfuscator: Obfuscating JavaScript Malware via Opportunistic Translation to Webassembly. In Proceedings of the 43rd IEEE Symposium on Security and Privacy (SP'22). 1574-1589. https://doi.org/10.1109/SP46214. 2022.9833626

[61]

Muhammad Fakhrur Rozi, Tao Ban, Seiichi Ozawa, Sangwook Kim, Takeshi Takahashi, and Daisuke Inoue. 2021. JStrack: Enriching Malicious JavaScript Detection Based on AST Graph Analysis and Attention Mechanism. In Proceedings of the 28th International Conference on Neural Information Processing (ICONIP'21), Vol. 13109. 669-680. https://doi.org/10.1007/978-3-030-92270-2_57

Digital Library

[62]

Shaown Sarker, Jordan Jueckstock, and Alexandros Kapravelos. 2020. Hiding in Plain Site: Detecting JavaScript Obfuscation through Concealed Browser API Usage. In Proceedings of the 20th ACM Internet Measurement Conference (IMC'20). 648-661. https://doi.org/10.1145/3419394.3423616

Digital Library

[63]

Prabhu Seshagiri, Anu Vazhayil, and Padmamala Sriram. 2016. AMA: Static Code Analysis of Web Page for the Detection of Malicious Scripts. Procedia Computer Science 93 ( 2016 ), 768-773.

[64]

Philippe Skolka, Cristian-Alexandru Staicu, and Michael Pradel. 2019. Anything to Hide? Studying Minified and Obfuscated Code in the Web. In Proceedings of the 28th International Conference on World Wide Web (WWW'19). 1735-1746. https://doi.org/10.1145/3308558.3313752

Digital Library

[65]

Ben Stock, Benjamin Livshits, and Benjamin Zorn. 2016. Kizzle: A Signature Compiler for Detecting Exploit Kits. In Proceedings of the 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN'16). 455-466. https://doi.org/10.1109/DSN. 2016.48

[66]

Junjie Wang, Yinxing Xue, Yang Liu, and Tian Huat Tan. 2015. JSDC: A Hybrid Approach for JavaScript Malware Detection and Classification. In Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security (AsiaCCS'15). 109-120. https://doi.org/10.1145/2714576.2714620

Digital Library

[67]

Pei Wang, Dinghao Wu, Zhaofeng Chen, and Tao Wei. 2019. Field Experience with Obfuscating Million-user iOS Apps in Large Enterprise Mobile Development. Software: Practice and Experience 49, 2 ( 2019 ), 252-273. https://doi.org/10.1002/ spe.2648

[68]

Yao Wang, Wan-dong Cai, and Peng-cheng Wei. 2016. A Deep Learning Approach for Detecting Malicious JavaScript Code. Security and Communication Networks 9, 11 ( 2016 ), 1520-1534. https://doi.org/10.1002/sec.1441

Digital Library

[69]

Xinyu Xing, Wei Meng, Byoungyoung Lee, Udi Weinsberg, Anmol Sheth, Roberto Perdisci, and Wenke Lee. 2015. Understanding Malvertising through Ad-injecting Browser Extensions. In Proceedings of the 24th International Conference on World Wide Web (WWW'15). 1286-1295. https://doi.org/10.1145/2736277.2741630

Digital Library

[70]

Wei Xu, Fangfang Zhang, and Sencun Zhu. 2012. The Power of Obfuscation Techniques in Malicious JavaScript Code: A Measurement Study. In Proceedings of the 7th International Conference on Malicious and Unwanted Software (MALWARE'12). 9-16. https://doi.org/10.1109/MALWARE. 2012.6461002

[71]

Wei Xu, Fangfang Zhang, and Sencun Zhu. 2013. JStill: Mostly Static Detection of Obfuscated Malicious JavaScript Code. In Proceedings of the third ACM Conference on Data and Application Security and Privacy (CODASPY'13). 117-128. https: //doi.org/10.1145/2435349.2435364

Digital Library

[72]

Yinxing Xue, Junjie Wang, Yang Liu, Hao Xiao, Jun Sun, and Mahinthan Chandramohan. 2015. Detection and Classification of Malicious JavaScript via Attack Behavior Modelling. In Proceedings of the 24th International Symposium on Software Testing and Analysis (ISSTA'15). 48-59. https://doi.org/10.1145/2771783. 2771814

Digital Library

[73]

Ye Zhang and Byron C. Wallace. 2017. A Sensitivity Analysis of (and Practitioners' Guide to) Convolutional Neural Networks for Sentence Classification. In Proceedings of the Eighth International Joint Conference on Natural Language Processing, IJCNLP 2017. 253-263. https://aclanthology.org/I17-1026/

[74]

Yuchen Zhou and David Evans. 2015. Understanding and Monitoring Embedded Web Scripts. In Proceedings of the 36th IEEE Symposium on Security and Privacy (SP'15). 850-865. https://doi.org/10.1109/SP. 2015.57

Cited By

Huang YWang RZheng WZhou ZWu SKe SChen BGao SPeng XFilkov VRay BZhou M(2024)SpiderScan: Practical Detection of Malicious NPM Packages Based on Graph-Based Behavior Modeling and MatchingProceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering10.1145/3691620.3695492(1146-1158)Online publication date: 27-Oct-2024
https://dl.acm.org/doi/10.1145/3691620.3695492
Amjad AMunir SShafiq ZGulzar MLuo BLiao XXu JKirda ELie D(2024)Blocking Tracking JavaScript at the Function GranularityProceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security10.1145/3658644.3670329(2177-2191)Online publication date: 2-Dec-2024
https://dl.acm.org/doi/10.1145/3658644.3670329
Phung PVarghese AWang BZhao YYu C(2024)JSMBox—A Runtime Monitoring Framework for Analyzing and Classifying Malicious JavaScriptSoftware and Data Engineering10.1007/978-3-031-75201-8_8(100-122)Online publication date: 19-Oct-2024
https://doi.org/10.1007/978-3-031-75201-8_8
Show More Cited By

Index Terms

An Empirical Study on the Effects of Obfuscation on Static Machine Learning-Based Malicious JavaScript Detectors
1. Security and privacy
  1. Intrusion/anomaly detection and malware mitigation
    1. Malware and its mitigation

Recommendations

The power of obfuscation techniques in malicious JavaScript code: A measurement study
MALWARE '12: Proceedings of the 2012 7th International Conference on Malicious and Unwanted Software (MALWARE)

JavaScript based attacks have been reported as the top Internet security threats in recent years. Since most of the Internet users rely on anti-virus software to protect themselves from malicious JavaScript code, attackers exploit JavaScript obfuscation ...
Using a Machine Learning Model for Malicious URL Type Detection
Internet of Things, Smart Spaces, and Next Generation Networks and Systems
Abstract
The world wide web, beyond its benefits, has also become a major platform for online criminal activities. Traditional protection methods against malicious URLs, such as blacklisting, remain a valid alternative, but cannot detect unknown sites, ...
Early detection of malicious behavior in JavaScript code
AISec '12: Proceedings of the 5th ACM workshop on Security and artificial intelligence

Malicious JavaScript code is widely used for exploiting vulnerabilities in web browsers and infecting users with malicious software. Static detection methods fail to protect from this threat, as they are unable to cope with the complexity and dynamics ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

ISSTA 2023: Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis

July 2023

1554 pages

ISBN:9798400702211

DOI:10.1145/3597926

General Chair:
René Just
University of Washington, USA
,
Program Chair:
Gordon Fraser
University of Passau, Germany

Copyright © 2023 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 13 July 2023

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Badges

Artifacts Available / v1.1

Author Tags

Qualifiers

Research-article

Conference

ISSTA '23

Sponsor:

SIGSOFT

ISSTA '23: 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis

July 17 - 21, 2023

WA, Seattle, USA

Acceptance Rates

Overall Acceptance Rate 58 of 213 submissions, 27%

Upcoming Conference

ISSTA '25

Sponsor:
sigsoft

34th ACM SIGSOFT International Symposium on Software Testing and Analysis

June 25 - 28, 2025

Trondheim , Norway

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

4
Total Citations
View Citations
381
Total Downloads

Downloads (Last 12 months)206
Downloads (Last 6 weeks)15

Reflects downloads up to 13 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

Huang YWang RZheng WZhou ZWu SKe SChen BGao SPeng XFilkov VRay BZhou M(2024)SpiderScan: Practical Detection of Malicious NPM Packages Based on Graph-Based Behavior Modeling and MatchingProceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering10.1145/3691620.3695492(1146-1158)Online publication date: 27-Oct-2024
https://dl.acm.org/doi/10.1145/3691620.3695492
Amjad AMunir SShafiq ZGulzar MLuo BLiao XXu JKirda ELie D(2024)Blocking Tracking JavaScript at the Function GranularityProceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security10.1145/3658644.3670329(2177-2191)Online publication date: 2-Dec-2024
https://dl.acm.org/doi/10.1145/3658644.3670329
Phung PVarghese AWang BZhao YYu C(2024)JSMBox—A Runtime Monitoring Framework for Analyzing and Classifying Malicious JavaScriptSoftware and Data Engineering10.1007/978-3-031-75201-8_8(100-122)Online publication date: 19-Oct-2024
https://doi.org/10.1007/978-3-031-75201-8_8
Nasim AZhao HJaved MMehmood A(2023)Efficient IoT Malware Detection Using Convolution Neural Network and View-Invariant Block2023 18th International Conference on Intelligent Systems and Knowledge Engineering (ISKE)10.1109/ISKE60036.2023.10481346(8-14)Online publication date: 17-Nov-2023
https://doi.org/10.1109/ISKE60036.2023.10481346

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten