Semantics-preserving dissection of Javascript exploits via dynamic JS-binary analysis

Xunchao Hu, Aravind Prakash, Jinghan Wang, Rundong Zhou, Yao Cheng, Heng Yin

Research output: Chapter in Book/Entry/PoemConference contribution

Abstract

JavaScript exploits impose a severe threat to computer security. Once a zero-day exploit is captured, it is critical to quickly pinpoint the JavaScript statements that uniquely characterize the exploit and the payload location in the exploit. However, the current diagnosis techniques are inadequate because they approach the problem either from a JavaScript perspective and fail to account for “implicit” data flow invisible at JavaScript level, or from a binary execution perspective and fail to present the JavaScript level view of exploit. In this paper, we propose JScalpel, a framework to automatically bridge the semantic gap between the JavaScript level and binary level for dynamic JS-binary analysis. With this new technique, JScalpel can automatically pinpoint exploitation or payload injection component of JavaScript exploits and generate minimized exploit code and a Proof-of-Vulnerability (PoV). Using JScalpel, we analyze 15 JavaScript exploits, 9 memory corruption exploits from Metasploit, 4 exploits from 3 different exploit kits and 2 wild exploits and successfully recover the payload and a minimized exploit for each of the exploits.

Original languageEnglish (US)
Title of host publicationResearch in Attacks, Intrusions, and Defenses - 19th International Symposium, RAID 2016, Proceedings
EditorsMarc Dacier, Fabian Monrose, Gregory Blanc, Joaquin Garcia-Alfaro
PublisherSpringer Verlag
Pages254-276
Number of pages23
ISBN (Print)9783319457185
DOIs
StatePublished - 2016
Event19th International Symposium on Research in Attacks, Intrusions, and Defenses, RAID 2016 - Paris, France
Duration: Sep 19 2016Sep 21 2016

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume9854 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Other

Other19th International Symposium on Research in Attacks, Intrusions, and Defenses, RAID 2016
Country/TerritoryFrance
CityParis
Period9/19/169/21/16

Keywords

  • Exploit analysis
  • Malicious JavaScript

ASJC Scopus subject areas

  • Theoretical Computer Science
  • General Computer Science

Fingerprint

Dive into the research topics of 'Semantics-preserving dissection of Javascript exploits via dynamic JS-binary analysis'. Together they form a unique fingerprint.

Cite this