摘要
随着javascript代码混淆技术的迅速发展,让夹杂在WEB应用中恶意脚本逃避检测的能力变得越来越突出,风险隐患越来越大。本文主要分析了当前常见的javascript代码混淆方式,按它们所采用的技术手段尝试对其做了简单的分类,对混淆检测方法提出一些改进。同时基于编译器实现了一个简易的javascript反混淆算法,从测试结果来看它应该能够为Javascript脚本混淆检测的优化提供一定的帮助。
With the rapid development of the obfuscation technology of JavaScript code,the ability of malicious scripts embedded in WEB applications to evade detection has become more and more prominent,and the potential risks have become greater and greater.This paper mainly analyzes some JavaScript code obfuscation methods commonly used now and tries to provide simple classification based on the technical means adopted.Some improvements are suggested to the obfuscation detection methods.In addition,a simple JavaScript de-obfuscating algorism is implemented based on the compiler and it can be told from the test results that the algorism should be able to provide some help for the optimization of JavaScript obfuscation detection。
作者
崔莹
CUI Ying(Department of Information Engineering,Tongling Polytechnic,Tongling 244061,Anhui)
出处
《集宁师范学院学报》
2020年第3期7-11,共5页
Journal of Jining Normal University
基金
安徽省高等学校质量工程项目“Javascript前端开发”(2018mooc230)
铜陵职业技术学院自然科研项目“基于机器学习javascript检测”(tlpt2019NK004)。
