J-Force: Forced Execution on JavaScript
Proceedings of the 26th International World Wide Web Conference (WWW) 2017.
Areas: Security, Program Analysis
Abstract
Web-based malware equipped with stealthy cloaking and obfuscation techniques is becoming more sophisticated nowadays. In this paper, we propose J-Force, a crash-free forced JavaScript execution engine to systematically explore possible execution paths and reveal malicious behaviors in such malware. In particular, J-Force records branch outcomes and mutates them for further explorations. J-Force inspects function parameter values that may reveal malicious intentions and expose suspicious DOM injections. We addressed a number of technical challenges encountered. For instance, we keep track of missing objects and DOM elements, and create them on demand. To verify the efficacy of our techniques, we apply J-Force to detect Exploit Kit (EK) attacks and malicious Chrome extensions. We observe that J-Force is more effective compared to the existing tools.
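The two ideas the abstract names, mutating recorded branch outcomes and creating missing objects on demand, can be sketched in a few lines. This is an added illustration, not J-Force's code: the `br` hook, the `makeStub` helper and the `cloakedSample` script are hypothetical, and the script is assumed to be instrumented already.

```javascript
// Added example: toy forced execution over a pre-instrumented script.
// br(id, cond) is a hypothetical hook wrapped around every branch condition.

// Stand-in for a missing object or DOM element: any property read or call
// returns another stand-in, so a forced path never crashes on undefined.
function makeStub(name) {
  return new Proxy(() => {}, {
    get: (_, prop) => prop === Symbol.toPrimitive
      ? () => `<${name}>`
      : makeStub(`${name}.${String(prop)}`),
    apply: () => makeStub(`${name}()`),
  });
}

// Run once; branches listed in `forced` take the forced outcome.
function runOnce(script, forced) {
  const trace = [], sinks = [];
  const br = (id, cond) => {
    const taken = id in forced ? forced[id] : Boolean(cond);
    trace.push([id, taken]);
    return taken;
  };
  const document = { write: (html) => sinks.push(String(html)) };
  script({ br, navigator: makeStub('navigator'), document });
  return { trace, sinks };
}

// Worklist exploration: flip each branch not yet forced on this path.
function explore(script, maxRuns = 32) {
  const queue = [{}], seen = new Set(), injected = new Set();
  for (let runs = 0; queue.length && runs < maxRuns; runs++) {
    const forced = queue.shift();
    const { trace, sinks } = runOnce(script, forced);
    const key = JSON.stringify(trace);
    if (seen.has(key)) continue;
    seen.add(key);
    sinks.forEach((s) => injected.add(s));
    for (const [id, taken] of trace)
      if (!(id in forced)) queue.push({ ...forced, [id]: !taken });
  }
  return { paths: seen.size, injected: [...injected] };
}

// Constructed sample: the iframe is written only for one browser/plugin pair.
function cloakedSample({ br, navigator, document }) {
  if (br('b1', navigator.userAgent.indexOf('MSIE') > -1)) {
    if (br('b2', navigator.plugins.ExamplePlugin.version < 9))
      document.write('<iframe src="https://landing.example.invalid/"></iframe>');
  } else document.write('<p>Welcome</p>');
}
```

A plain run of `cloakedSample` only reaches the benign branch; `explore(cloakedSample)` also reaches the hidden `document.write` and records its argument.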