Chrome extension development for malicious JavaScript detection
Keywords
Internet ; Internet security ; Malware ; Internet attacks ; Chrome ; Malicious JavaScript ; Chrome extensions
Abstract
The purpose of this study is to investigate the static and dynamic tools currently used to detect malicious JavaScript residing in websites. As part of the research, an extension for the Chrome browser was developed that embeds the functions of these tools in order to detect critical attacks originating from infected JavaScript code. More specifically, two tools were used: JSDetox, which conducts static analysis, and jsunpack-n, which performs dynamic analysis. Combining the advantages of the two technologies results in more efficient detection of malicious code in a website a user visits. The extension also implements a basic function that can detect obfuscated code. This is achieved by calculating the entropy, n-gram and word size, which are filtered through a linear function resulting in a threshold for obfuscated code. All of the above makes use of basic web technologies such as JavaScript, HTML, AJAX and jQuery.
Throughout the thesis, the role of these technologies in the detection of malicious and obfuscated code is discussed thoroughly. Moreover, we examine basic security issues of JavaScript, such as how these issues are exploited to attack the end user and how such code can become obfuscated. Finally, a detailed analysis is presented of how the extension was designed, developed and modified to communicate with a virtual machine hosting the tools needed to perform the required operations.
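The obfuscation check named in the abstract (entropy, n-gram and word size combined by a linear function and compared with a threshold), shown as an added example that is not code from the thesis. The feature definitions (in particular the escape-sequence bigram ratio used as the n-gram measure), the weights, the threshold and both constructed samples are assumptions.

```javascript
// Added illustration, not the thesis code. Weights and threshold are assumed
// values chosen for escape-encoded payloads; a real detector would fit them.
const WEIGHTS = { entropy: -0.5, ngram: 10, wordSize: 0.2 };
const THRESHOLD = 3;

// Shannon entropy of the character distribution, in bits per character.
function entropy(text) {
  const chars = Array.from(text);
  const counts = new Map();
  for (const ch of chars) counts.set(ch, (counts.get(ch) || 0) + 1);
  let h = 0;
  for (const n of counts.values()) {
    const p = n / chars.length;
    h -= p * Math.log2(p);
  }
  return h;
}

// n-gram feature (assumed definition): share of character bigrams that
// start an escape sequence such as %61, \x61 or \u0061.
function escapeBigramRatio(text) {
  if (text.length < 2) return 0;
  let hits = 0;
  for (let i = 0; i < text.length - 1; i++) {
    if (/^(%[0-9a-fA-F]|\\[xu])$/.test(text.slice(i, i + 2))) hits++;
  }
  return hits / (text.length - 1);
}

// Mean length of whitespace-delimited tokens; packed code has very long ones.
function avgWordSize(text) {
  const words = text.split(/\s+/).filter(Boolean);
  if (words.length === 0) return 0;
  return words.reduce((sum, w) => sum + w.length, 0) / words.length;
}

// Linear combination of the three features, compared with the threshold.
function obfuscationScore(text) {
  return WEIGHTS.entropy * entropy(text) +
         WEIGHTS.ngram * escapeBigramRatio(text) +
         WEIGHTS.wordSize * avgWordSize(text);
}
const isObfuscated = (text) => obfuscationScore(text) > THRESHOLD;

// Constructed samples: plain source, and a percent-encoded alert(1) wrapper.
const PLAIN = "function add(a, b) { var sum = a + b; return sum; }";
const PACKED = 'eval(unescape("%61%6c%65%72%74%28%31%29"));';
console.log(isObfuscated(PLAIN), isObfuscated(PACKED));
```

The negative entropy weight reflects that escape-encoded strings draw on a small alphabet; payloads packed with base64 push entropy the other way and would need differently fitted weights.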