WIDE Paper-List in 2010 Towards Real-time JavaScript Deobfuscation for Analysis Purposes wide-paper-swan-jwis2010-00.txt WIDE Project: http://www.wide.ad.jp/ If you have any comments on WIDE documents, please contact to board@wide.ad.jp. Title: Towards Real-time JavaScript Deobfuscation for Analysis Purposes Author(s): Gregory Blanc, Youki Kadobayashi Date: 2010-12-15 url: x-wide-wgnames: SWAN keywords: web 2.0 security, JavaScript malware, proxy, deobfuscation references: summary_ja: | summary: | The user has become the privileged target of attackers over the Web. It is no surprise when we know that Web 2.0 applications provide an addictive user-experience meanwhile allowing a wider and more complex set of attacks. JavaScript with its central position within the browser is the glue that allows the cooperation of plugins and APIs but is also the tool of choice for attackers that target user’s assets. However, JavaScript-based attacks, and especially, JavaScript malware are making use of more complex strategies to evade security countermeasures. In particular, obfuscation techniques, that allow a code to conceal its true nature, are making use of anti-analysis techniques. Since there is no proper deobfuscation tool which is capable of protecting the user in real-time, we wish to contribute to the user’s protection by providing her a safe browsing experience. In this article, we explain some steps we have took towards that goal: the argument of a proxy-based solution, the importance of pre-fetching and aggregating suspicious data for analysis, the implementation of a deobfuscator are some of the contributions we are developing. misc: @inproceedings{bla:jwis2010, author = {Gregory Blanc and Youki Kadobayashi}, title = {Towards Real-time JavaScript Deobfuscation for Analysis Purposes}, booktitle = {5th Joint Workshop on Information Security (JWIS 2010)}, month = {August}, year = {2010}, }