short-paper

Static Analysis of Malicious Java Applets

Authors:

Nikitha Ganesh,

Fabio Di Troia,

Visaggio Aaron Corrado,

Thomas H. Austin,

Mark StampAuthors Info & Claims

IWSPA '16: Proceedings of the 2016 ACM on International Workshop on Security And Privacy Analytics

Pages 58 - 63

https://doi.org/10.1145/2875475.2875477

Published: 11 March 2016 Publication History

Abstract

In this research we consider the problem of detecting malicious Java applets, based on static analysis. Dynamic analysis can be more informative, since it is immune to many common obfuscation techniques, while static analysis is often more efficient, since it does not require code execution or emulation. Consequently, static analysis is generally preferred, provided the results are comparable to those obtained using dynamic analysis. We conduct experiments using three techniques that have been employed in previous studies of metamorphic malware. We show that our static approach can detect malicious Java applets with greater accuracy than previously published research that relied on dynamic analysis.

References

[1]

J. Aycock. Computer Viruses and Malware. Springer, 2006.

Digital Library

[2]

D. Baysa, R. M. Low, and M. Stamp. Structural entropy and metamorphic malware. Journal of Computer Virology and Hacking Techniques, 9(4):179--192, 2013.

[3]

E. S. Boese. An Introduction to Programming with Java Applets. Jones & Bartlett, 2009.

Digital Library

[4]

J. Borello and L. Me. Code obfuscation techniques for metamorphic viruses. Journal in Computer Virology, 4(3):211--220, 2008.

[5]

A. P. Bradley. The use of the area under the ROC curve in the evaluation of machine learning algorithms. Pattern Recognition, 30(7):1145--1159, 1997.

Digital Library

[6]

Contagio Malware Dump. http://contagiodump.blogspot.com/. Accessed 2016--1--11.

[7]

P. Deshpande. Metamorphic detection using function call graph analysis. Submitted.

[8]

M. D. Ernst. Static and dynamic analysis: Synergy and duality. https://homes.cs.washington.edu/ mernst/pubs/staticdynamic-woda2003.pdf. Accessed 2016--1--11.

[9]

N. Ganesh. Static analysis of malicious Java applets. Master's thesis, San Jose State University, 2015.

[10]

J. Gassen and J. P. Chapman. Honeyagent: Detecting malicious Java applets by using dynamic analysis. In Proceeding of the 9th International Conference on Malicious and Unwanted Software, 2014.

[11]

T. Jakobsen. A fast method for the cryptanalysis of substitution ciphers. Cryptologia, 19:265--274, 1995.

[12]

D. Lin and M. Stamp. Hunting for undetectable metamorphic viruses. Journal in Computer Virology, 3(2011):201--214, 7.

Digital Library

[13]

Y. Park, D. S. Reeves, and M. Stamp. Deriving common malware behavior through graph clustering. Computers & Security, 39(B):419--430, 2013.

Digital Library

[14]

L. R. Rabiner. A tutorial on hidden Markov models and selected applications in speech recognition. Proceedings of the IEEE, 77(2):257--286, 1989.

[15]

N. Runwal, R. M. Low, and M. Stamp. Opcode graph similarity and metamorphic detection. Journal in Computer Virology, 8(1--2):37--52, 2012.

Digital Library

[16]

G. Shanmugam, R. M. Low, and M. Stamp. Simple substitution distance and metamorphic detection. Journal of Computer Virology and Hacking Techniques, 9(3):159--170, 2013.

Digital Library

[17]

S. M. Sridhara and M. Stamp. Metamorphic worm that carries its own morphing engine. Journal of Computer Virology and Hacking Techniques, 9(2):49--58, 2013.

Digital Library

[18]

M. Stamp. A revealing introduction to hidden Markov models. http://www.cs.sjsu.edu/ stamp/RUA/HMM.pdf. Accessed 2016--1--11.

[19]

A. H. Toderici and M. Stamp. Chi-squared distance and metamorphic virus detection. Journal of Computer Virology and Hacking Techniques, 9(1):1--14, 2013.

Digital Library

[20]

S. Venkatachalam and M. Stamp. Detecting undetectable metamorphic viruses. In Proceedings of 2011 International Conference on Security & Management, pages 340--345, 2011.

[21]

VirusTotal. https://www.virustotal.com/. Accessed 2016--1--11.

[22]

W. Wong and M. Stamp. Hunting of metamorphic engines. Journal in Computer Virology, 2(3):211--229, 2006.

Cited By

Kara IAydos M(2022)The rise of ransomwareExpert Systems with Applications: An International Journal10.1016/j.eswa.2021.116198190:COnline publication date: 9-Apr-2022
https://dl.acm.org/doi/10.1016/j.eswa.2021.116198
Singh AGoyal N(2019)A Comparison of Machine Learning Attributes for Detecting Malicious Websites2019 11th International Conference on Communication Systems & Networks (COMSNETS)10.1109/COMSNETS.2019.8711133(352-358)Online publication date: Jan-2019
https://doi.org/10.1109/COMSNETS.2019.8711133
Atapour-Abarghouei ABonner SMcGough A(2019)Volenti non fit injuria: Ransomware and its Victims2019 IEEE International Conference on Big Data (Big Data)10.1109/BigData47090.2019.9006298(4701-4707)Online publication date: Dec-2019
https://doi.org/10.1109/BigData47090.2019.9006298
Show More Cited By

Index Terms

Static Analysis of Malicious Java Applets

Index terms have been assigned to the content through auto-classification.

Recommendations

Malware Detection Using Dynamic Birthmarks
IWSPA '16: Proceedings of the 2016 ACM on International Workshop on Security And Privacy Analytics

In this paper, we compare the effectiveness of Hidden Markov Models (HMMs) with that of Profile Hidden Markov Models (PHMMs), where both are trained on sequences of API calls. We compare our results to static analysis using HMMs trained on sequences of ...
Jarhead analysis and detection of malicious Java applets
ACSAC '12: Proceedings of the 28th Annual Computer Security Applications Conference

Java applets have increasingly been used as a vector to deliver drive-by download attacks that bypass the sandboxing mechanisms of the browser's Java Virtual Machine and compromise the user's environment. Unfortunately, the research community has not ...
A java toolkit for teaching distributed algorithms
ITiCSE '02: Proceedings of the 7th annual conference on Innovation and technology in computer science education

We present a toolkit for developing and visualizing distributed algorithms in Java. This toolkit consists of a Java class library with a simple programming interface that allows to develop distributed algorithms in a message passing model. The resulting ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

IWSPA '16: Proceedings of the 2016 ACM on International Workshop on Security And Privacy Analytics

March 2016

76 pages

ISBN:9781450340779

DOI:10.1145/2875475

General Chair:
Rakesh Verma
University of Houston, USA
,
Program Chairs:
Michael Rusinowitch
LORIA -- INRIA Nancy Grand-Est, France
,
Rakesh Verma
University of Houston, USA

Copyright © 2016 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 11 March 2016

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Short-paper

Conference

CODASPY'16

Sponsor:

SIGSAC

CODASPY'16: Sixth ACM Conference on Data and Application Security and Privacy

March 11, 2016

Louisiana, New Orleans, USA

Acceptance Rates

IWSPA '16 Paper Acceptance Rate 6 of 20 submissions, 30%;

Overall Acceptance Rate 18 of 58 submissions, 31%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

8
Total Citations
View Citations
159
Total Downloads

Downloads (Last 12 months)7
Downloads (Last 6 weeks)0

Reflects downloads up to 05 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Kara IAydos M(2022)The rise of ransomwareExpert Systems with Applications: An International Journal10.1016/j.eswa.2021.116198190:COnline publication date: 9-Apr-2022
https://dl.acm.org/doi/10.1016/j.eswa.2021.116198
Singh AGoyal N(2019)A Comparison of Machine Learning Attributes for Detecting Malicious Websites2019 11th International Conference on Communication Systems & Networks (COMSNETS)10.1109/COMSNETS.2019.8711133(352-358)Online publication date: Jan-2019
https://doi.org/10.1109/COMSNETS.2019.8711133
Atapour-Abarghouei ABonner SMcGough A(2019)Volenti non fit injuria: Ransomware and its Victims2019 IEEE International Conference on Big Data (Big Data)10.1109/BigData47090.2019.9006298(4701-4707)Online publication date: Dec-2019
https://doi.org/10.1109/BigData47090.2019.9006298
Jha PShankar PSujadevi VPrabhaharan P(2019)DeepMal4J: Java Malware Detection Employing Deep LearningSecurity in Computing and Communications10.1007/978-981-13-5826-5_30(389-402)Online publication date: 24-Jan-2019
https://doi.org/10.1007/978-981-13-5826-5_30
Mohd Rum SMd Sultan AYaakob RPerumal T(2018)Asynchronous Web Technology in Online Counselling SystemIndian Journal of Science and Technology10.17485/ijst/2018/v11i20/12334911:20(1-9)Online publication date: 1-May-2018
https://doi.org/10.17485/ijst/2018/v11i20/123349
Dhanasekar DDi Troia FPotika KStamp M(2018)Detecting Encrypted and Polymorphic Malware Using Hidden Markov ModelsGuide to Vulnerability Analysis for Computer Networks and Systems10.1007/978-3-319-92624-7_12(281-299)Online publication date: 5-Sep-2018
https://doi.org/10.1007/978-3-319-92624-7_12
Alkhateeb E(2017)Dynamic Malware Detection Using API Similarity2017 IEEE International Conference on Computer and Information Technology (CIT)10.1109/CIT.2017.14(297-301)Online publication date: Aug-2017
https://doi.org/10.1109/CIT.2017.14
Mohammadi MHamzeh A(2017)Proposing an efficient approach for malware clustering2017 Artificial Intelligence and Signal Processing Conference (AISP)10.1109/AISP.2017.8324094(262-267)Online publication date: Oct-2017
https://doi.org/10.1109/AISP.2017.8324094
Ganesh NDi Troia FCorrado VAustin TStamp M(2016)Static Analysis of Malicious Java AppletsProceedings of the 2016 ACM on International Workshop on Security And Privacy Analytics - IWSPA '1610.1145/2875475.2875477(58-63)Online publication date: 2016
https://doi.org/10.1145/2875475.2875477

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten