摘要
首先综述JavaScript代码混淆的各种技术和方法。在分析JavaScript代码混淆特征的基础上,提出一种基于字符熵和Ngram方法相结合的快速自动检测方法。实验表明,N-gram方法取不同N时的字符串熵对代码是否混淆均具有明显的区分能力。通过大量随机爬取的JS代码分析测试,该方法可快速完成JavaScript代码混淆的自动检测,有助于更深入分析Java Script恶意代码。
The techniques and methods of JavaScript obfuscation are overviewed firstly in this paper. Based on analysing the specifications of JavaScript obfuscation, we propose a fast automatic detection scheme which is based on the combination of character entropy and N-gram approaches. Experiments show that the character string entropy has clear distinguishing ability in whether or not the JavaScript codes are obfuscatedwhen employing different values of the parameter N in N-gram. By analysing and testing a great deal of JS codes stochastically crawled, the proposed scheme is demonstrated to be able to fast complete automatic JavaScript obfuscation detection, and is conducive to more thorough analysing JaveScript malicious code.
出处
《计算机应用与软件》
CSCD
2015年第1期309-312,共4页
Computer Applications and Software