{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,26]],"date-time":"2025-03-26T17:10:21Z","timestamp":1743009021454,"version":"3.40.3"},"publisher-location":"Cham","reference-count":36,"publisher":"Springer Nature Switzerland","isbn-type":[{"type":"print","value":"9783031757631"},{"type":"electronic","value":"9783031757648"}],"license":[{"start":{"date-parts":[[2024,10,17]],"date-time":"2024-10-17T00:00:00Z","timestamp":1729123200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2024,10,17]],"date-time":"2024-10-17T00:00:00Z","timestamp":1729123200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025]]},"DOI":"10.1007\/978-3-031-75764-8_11","type":"book-chapter","created":{"date-parts":[[2024,10,22]],"date-time":"2024-10-22T11:03:12Z","timestamp":1729594992000},"page":"205-225","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["JSHint: Revealing API Usage to\u00a0Improve Detection of\u00a0Malicious JavaScript"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0009-0000-6700-5824","authenticated-orcid":false,"given":"Shaown","family":"Sarker","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0009-0007-6039-5883","authenticated-orcid":false,"given":"Kasimir","family":"Schulz","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0009-0001-3759-993X","authenticated-orcid":false,"given":"Aleksandr","family":"Nahapetyan","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8961-9963","authenticated-orcid":false,"given":"Anupam","family":"Das","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8839-8521","authenticated-orcid":false,"given":"Alexandros","family":"Kapravelos","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2024,10,17]]},"reference":[{"key":"11_CR1","doi-asserted-by":"crossref","unstructured":"AbdelKhalek, M., Shosha, A.: JSDES: an automated de-obfuscation system for malicious javascript. In: Proceedings of the 12th International Conference on Availability, Reliability and Security - ARES (2017)","DOI":"10.1145\/3098954.3107009"},{"key":"11_CR2","unstructured":"Al-Taharwa, I.A., et al.: Obfuscated malicious javascript detection by causal relations finding. In: Advanced Communication Technology (ICACT) (2011)"},{"key":"11_CR3","unstructured":"anseki. gnirts: Obfuscate string literals in JavaScript code. https:\/\/github.com\/anseki\/gnirts. Accessed: 14 Mar 2023"},{"key":"11_CR4","unstructured":"Bielik, P., Raychev, V., Vechev, M.: Programming with \u201cbig code\u201d: lessons, techniques and applications. In: 1st Summit on Advances in Programming Languages (SNAPL 2015). Schloss Dagstuhl-Leibniz-Zentrum fuer Informatik (2015)"},{"key":"11_CR5","doi-asserted-by":"crossref","unstructured":"Blanc, G., Ando, R., Kadobayashi, Y.: Term-Rewriting deobfuscation for static client-side scripting malware detection. In: Mobility and Security (NTMS) (2011)","DOI":"10.1109\/NTMS.2011.5720649"},{"key":"11_CR6","doi-asserted-by":"crossref","unstructured":"Canali, D., Cova, M., Vigna, G., Kruegel, C.: Prophiler : a fast filter for the large-scale detection of malicious web pages categories and subject descriptors. In: Proceedings of the International World Wide Web Conference (WWW) (2011)","DOI":"10.1145\/1963405.1963436"},{"key":"11_CR7","doi-asserted-by":"crossref","unstructured":"Cova, M., Kruegel, C., Vigna, G.: Detection and analysis of drive-by-download attacks and malicious JavaScript code. In: Proceedings of the International World Wide Web Conference (WWW) (2010)","DOI":"10.1145\/1772690.1772720"},{"key":"11_CR8","unstructured":"Curtsinger, C., Livshits, B., Zorn, B., Seifert, C.: ZOZZLE: fast and precise In-Browser JavaScript malware detection. In: 20th USENIX Security Symposium (USENIX Security 11), San Francisco, CA, USENIX Association (2011)"},{"key":"11_CR9","unstructured":"daftlogic.com. daft-logic: JavaScript Obfuscator. https:\/\/www.daftlogic.com\/projects-online-javascript-obfuscator.htm. Accessed 14 Mar 2023"},{"key":"11_CR10","unstructured":"ECMA International. Ecmascript language specification. Standard ECMA-262 (2011)"},{"key":"11_CR11","unstructured":"estools. Escope (escope) is ECMAScript scope analyzer extracted from esmangle project. https:\/\/github.com\/estools\/escope. Accessed 14 Mar 2023"},{"key":"11_CR12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"303","DOI":"10.1007\/978-3-319-93411-2_14","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"A Fass","year":"2018","unstructured":"Fass, A., Krawczyk, R.P., Backes, M., Stock, B.: JaSt: fully syntactic detection of malicious (Obfuscated) JavaScript. In: Giuffrida, C., Bardin, S., Blanc, G. (eds.) DIMVA 2018. LNCS, vol. 10885, pp. 303\u2013325. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-93411-2_14"},{"key":"11_CR13","unstructured":"Feinstein, B., Peck, D.: Caffeine monkey: Automated collection, detection and analysis of malicious javascript. In: Black Hat USA (2007)"},{"key":"11_CR14","unstructured":"Howard, F.: Malware with your Mocha? obfuscation and antiemulation tricks in malicious JavaScript. In: Sophos Technical Papers (2010)"},{"key":"11_CR15","unstructured":"https:\/\/github.com\/javascript-obfuscator\/javascript-obfuscator . JavaScript Obfuscator. https:\/\/obfuscator.io\/. Accessed 14 Mar 2023"},{"key":"11_CR16","unstructured":"HynekPetrak. HynekPetrak - JavaScript malware collection. https:\/\/github.com\/HynekPetrak\/javascript-malware-collection. Accessed 14 Mar 2023"},{"key":"11_CR17","unstructured":"javascriptobfuscator.com. javascript-obfuscator: The Most Secure Way to Protect JavaScript Code. https:\/\/javascriptobfuscator.com\/. Accessed 14 Mar 2023"},{"key":"11_CR18","unstructured":"Kapravelos, A., Shoshitaishvili, Y., Cova, M., Kruegel, C., Vigna, G.: Revolver: an automated approach to the detection of evasive web-based malware. In: Proceedings of the USENIX Security Symposium (2013)"},{"key":"11_CR19","unstructured":"Kaspersky. Chrome 0-day exploit cve-2019-13720 used in operation wizardopium. https:\/\/securelist.com\/chrome-0-day-exploit-cve-2019-13720-used-in-operation-wizardopium\/94866\/. Accessed 11 Nov 2022"},{"key":"11_CR20","unstructured":"Kim, B.I., Im, C.T., Jung, H.C.: Suspicious malicious web site detection with strength analysis of a javascript obfuscation. In: Int. J. Adv. Sci. Technol. (2011)"},{"key":"11_CR21","doi-asserted-by":"crossref","unstructured":"Kolbitsch, C., Livshits, B., Zorn, B., Seifert, C.: Rozzle: de-cloaking internet malware. In: Proceedings of the IEEE Symposium on Security and Privacy (2012)","DOI":"10.1109\/SP.2012.48"},{"key":"11_CR22","doi-asserted-by":"crossref","unstructured":"Li, Z., Chen, Q.A., Xiong, C., Chen, Y., Zhu, T., Yang, H.: Effective and light-weight deobfuscation and semantic-aware attack detection for powershell scripts. In: Proceedings of the ACM Conference on Computer and Communications Security (CCS) (2019)","DOI":"10.1145\/3319535.3363187"},{"key":"11_CR23","doi-asserted-by":"crossref","unstructured":"Likarish, P., Jung, E., Jo, I.: Obfuscated malicious javascript detection using classification techniques. In: 2009 4th International Conference on Malicious and Unwanted Software (MALWARE) (2009)","DOI":"10.1109\/MALWARE.2009.5403020"},{"key":"11_CR24","doi-asserted-by":"crossref","unstructured":"Liu, C., Xia, B., Yu, M., Liu, Y.: PSDEM: a feasible de-obfuscation method for malicious powershell detection. In: 2018 IEEE Symposium on Computers and Communications (ISCC) (2018)","DOI":"10.1109\/ISCC.2018.8538691"},{"key":"11_CR25","doi-asserted-by":"crossref","unstructured":"Lu, G., Debray, S.: Automatic simplification of obfuscated javascript code: a semantics-based approach. In: 2012 IEEE Sixth International Conference on Software Security and Reliability (2012)","DOI":"10.1109\/SERE.2012.13"},{"key":"11_CR26","unstructured":"metaes.org. MetaES: JavaScript metacircular interpreter. https:\/\/github.com\/metaes\/metaes. Accessed 14 Mar 2023"},{"key":"11_CR27","doi-asserted-by":"crossref","unstructured":"Moog, M., Demmel, M., Backes, M., Fass, A.: Statically detecting javascript obfuscation and minification techniques in the wild. In: 2021 51st Annual IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN) (2021)","DOI":"10.1109\/DSN48987.2021.00065"},{"key":"11_CR28","unstructured":"Palo\u00a0Alto Networks. Malicious javascript injection campaign infects 51k websites. https:\/\/unit42.paloaltonetworks.com\/malicious-javascript-injection\/. Accessed 11 Nov 2022"},{"key":"11_CR29","unstructured":"npmjs.com. esvalidate - ecmascript validator. https:\/\/www.npmjs.com\/package\/esvalidate. Accessed 14 Mar 2023"},{"key":"11_CR30","unstructured":"rapid7. jsobfu: ruby-based JavaScript obfuscator. https:\/\/github.com\/rapid7\/jsobfu. Accessed 14 Mar 2023"},{"key":"11_CR31","doi-asserted-by":"crossref","unstructured":"Raychev, V., Vechev, M., Krause, A.: Predicting program properties from \u201cbig code\u201d. ACM SIGPLAN Notices ( 2015)","DOI":"10.1145\/2775051.2677009"},{"key":"11_CR32","unstructured":"relative. Syncrhony - JavaScript cleaner & deobfuscator. https:\/\/github.com\/relative\/synchrony. Accessed 14 Mar 2023"},{"key":"11_CR33","doi-asserted-by":"crossref","unstructured":"Sarker, S., Jueckstock, J., Kapravelos, A.: Hiding in plain site: Detecting javascript obfuscation through concealed browser API usage. In: ACM-IMC (2020)","DOI":"10.1145\/3419394.3423616"},{"key":"11_CR34","doi-asserted-by":"crossref","unstructured":"Skolka, P., Staicu, C-A., Pradel, M.: Anything to hide? studying minified and obfuscated code in the web. In: Proceedings of the International World Wide Web Conference (WWW) (2019)","DOI":"10.1145\/3308558.3313752"},{"key":"11_CR35","doi-asserted-by":"crossref","unstructured":"Xu, W., Zhang, F., Zhu, S.: Jstill: mostly static detection of obfuscated malicious javascript code. In: Proceedings of the third ACM Conference on Data and Aplication Security and Privacy - CODASPY (2013)","DOI":"10.1145\/2435349.2435364"},{"key":"11_CR36","unstructured":"zswang. jfogs: Javascript code obfuscator. https:\/\/github.com\/zswang\/jfogs. Accessed 14 Mar 2023"}],"container-title":["Lecture Notes in Computer Science","Information Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-75764-8_11","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,10,22]],"date-time":"2024-10-22T11:07:25Z","timestamp":1729595245000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-75764-8_11"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,10,17]]},"ISBN":["9783031757631","9783031757648"],"references-count":36,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-75764-8_11","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2024,10,17]]},"assertion":[{"value":"17 October 2024","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ISC","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Information Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Arlington, VA","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"USA","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2024","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"24 October 2024","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"26 October 2024","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"27","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"isw2024","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/isc24.cs.gmu.edu\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}