Publication Date

Spring 5-22-2017

Degree Type

Master's Project

Degree Name

Master of Science (MS)

Department

Computer Science

First Advisor

Thomas Austin

Second Advisor

Mark Stamp

Third Advisor

Robert Chun

Abstract

Many websites use JavaScript to display dynamic and interactive content. Hence, attackers are developing JavaScript–based malware. In this paper, we focus on Transcriptase JavaScript malware.

The high–level and dynamic nature of the JavaScript language helps malware writers to create polymorphic and metamorphic malware using obfuscation techniques. These types of malware change their internal structure on each infection, making them difficult to detect with traditional methods. These types of malware can be detected using machine learning methods.

This project creates Transcriptase–Light, a new polymorphic construction kit. We perform an experiment with the Transcriptase–Light against a hidden Markov model. Our experiment shows that the HMM based detector failed in detecting Transcriptase–Light. After observing the results, we try to detect malware using the decryption part of Transcriptase–Light. To avoid detection, we generate the polymorphic version of the decryption part.

Share

COinS