{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,25]],"date-time":"2026-02-25T17:13:35Z","timestamp":1772039615641,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":59,"publisher":"ACM","license":[{"start":{"date-parts":[[2020,10,27]],"date-time":"2020-10-27T00:00:00Z","timestamp":1603756800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/501100004801","name":"National Science Foundation","doi-asserted-by":"publisher","award":["CNS-1703375"],"award-info":[{"award-number":["CNS-1703375"]}],"id":[{"id":"10.13039\/501100004801","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100015089","name":"Office of Naval Research","doi-asserted-by":"publisher","award":["N00014-17-1-2541"],"award-info":[{"award-number":["N00014-17-1-2541"]}],"id":[{"id":"10.13039\/100015089","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2020,10,27]]},"DOI":"10.1145\/3419394.3423616","type":"proceedings-article","created":{"date-parts":[[2020,10,22]],"date-time":"2020-10-22T20:30:22Z","timestamp":1603398622000},"page":"648-661","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":19,"title":["Hiding in Plain Site"],"prefix":"10.1145","author":[{"given":"Shaown","family":"Sarker","sequence":"first","affiliation":[{"name":"North Carolina State University"}]},{"given":"Jordan","family":"Jueckstock","sequence":"additional","affiliation":[{"name":"North Carolina State University"}]},{"given":"Alexandros","family":"Kapravelos","sequence":"additional","affiliation":[{"name":"North Carolina State University"}]}],"member":"320","published-online":{"date-parts":[[2020,10,27]]},"reference":[{"key":"e_1_3_2_2_1_1","volume-title":"AbdelKhalek and Ahmed Shosha. JSDES: An Automated De-Obfuscation System for Malicious JavaScript. In Proceedings of the 12th International Conference on Availability, Reliability and Security - ARES","author":"Moataz","year":"2017","unstructured":"Moataz AbdelKhalek and Ahmed Shosha. JSDES: An Automated De-Obfuscation System for Malicious JavaScript. In Proceedings of the 12th International Conference on Availability, Reliability and Security - ARES, 2017."},{"key":"e_1_3_2_2_2_1","volume-title":"Advanced Communication Technology (ICACT)","author":"Al-Taharwa I.A.","year":"2011","unstructured":"I.A. Al-Taharwa, C.H. Mao, H.K. Pao, K.P. Wu, C. Faloutsos, H.M. Lee, S.M. Chen, and A.B. Jeng. Obfuscated malicious javascript detection by causal relations finding. In Advanced Communication Technology (ICACT), 2011."},{"key":"e_1_3_2_2_3_1","volume-title":"Security and Communication Networks","author":"Taharwa Ismail Adel","year":"2015","unstructured":"Ismail Adel AL-Taharwa, Hahn-Ming Lee, Albert B. Jeng, Kuo-Ping Wu, Cheng-Seen Ho, and Shyi-Ming Chen. JSOD: JavaScript obfuscation detector. In Security and Communication Networks, 2015."},{"key":"e_1_3_2_2_4_1","unstructured":"Ariya Hidayat. ECMAScript parsing infrastructure for multipurpose analysis. https:\/\/esprima.org\/. Accessed: 11-12-2019."},{"key":"e_1_3_2_2_5_1","volume-title":"Obfuscating Programs. In Annual International Cryptology Conference","author":"Barak Boaz","year":"2001","unstructured":"Boaz Barak, Oded Goldreich, Rusell Impagliazzo, Steven Rudich, Amit Sahai, Salil Vadhan, and Ke Yang. On the (Im)possibility of Obfuscating Programs. In Annual International Cryptology Conference, 2001."},{"key":"e_1_3_2_2_6_1","doi-asserted-by":"publisher","DOI":"10.1109\/NTMS.2011.5720649"},{"key":"e_1_3_2_2_7_1","unstructured":"Brave Software. Features | Brave Browser. https:\/\/brave.com\/features\/. Accessed: 11-15-2019."},{"key":"e_1_3_2_2_8_1","unstructured":"Brave Software. PageGraph \u00c2\u016f brave\/brave-browser Wiki. https:\/\/github.com\/brave\/brave-browser\/wiki\/PageGraph. Accessed: 11-15-2019."},{"key":"e_1_3_2_2_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/1963405.1963436"},{"key":"e_1_3_2_2_10_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-10509-8_19"},{"key":"e_1_3_2_2_11_1","volume-title":"Collberg and Clark Thomborson. Watermarking, tamper-proofing, and obfuscation-tools for software protection","author":"Christian","year":"2002","unstructured":"Christian S. Collberg and Clark Thomborson. Watermarking, tamper-proofing, and obfuscation-tools for software protection. IEEE Transactions on Software Engineering, 2002."},{"key":"e_1_3_2_2_12_1","volume-title":"RFC Editor","author":"Costello A.","year":"2003","unstructured":"A. Costello. Punycode: A Bootstring encoding of Unicode for Internationalized Domain Names in Applications (IDNA). RFC3492, RFC Editor, March 2003."},{"key":"e_1_3_2_2_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/1772690.1772720"},{"key":"e_1_3_2_2_14_1","volume-title":"Proceedings of the USENIX Security Symposium","author":"Curtsinger Charlie","year":"2011","unstructured":"Charlie Curtsinger, Benjamin Livshits, Benjamin G Zorn, and Christian Seifert. Zozzle: Fast and precise in-browser javascript malware detection. In Proceedings of the USENIX Security Symposium, 2011."},{"key":"e_1_3_2_2_15_1","unstructured":"DaftLogic. daftlogic. https:\/\/www.daftlogic.com\/projects-online-javascript-obfuscator.htm. Accessed: 05-30-2020."},{"key":"e_1_3_2_2_16_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-93411-2_14"},{"key":"e_1_3_2_2_17_1","volume-title":"Black Hat USA","author":"Feinstein Ben","year":"2007","unstructured":"Ben Feinstein and Daniel Peck. Caffeine monkey: Automated collection, detection and analysis of malicious javascript. In Black Hat USA, 2007."},{"key":"e_1_3_2_2_18_1","unstructured":"Github. Catapult Project. https:\/\/github.com\/catapult-project. Accessed: 11-12-2019."},{"key":"e_1_3_2_2_19_1","unstructured":"Github. CDNJS - the best front-end resource CDN for free! https:\/\/cdnjs.com\/. Accessed: 11-12-2019."},{"key":"e_1_3_2_2_20_1","volume-title":"cdnjs","year":"2019","unstructured":"Github. cdnjs September 2019 Usage Stats. https:\/\/github.com\/cdnjs\/cf-stats\/blob\/master\/2019\/cdnjs_September_2019.md. Accessed: 11-12-2019."},{"key":"e_1_3_2_2_21_1","unstructured":"Github. EScope. https:\/\/github.com\/estools\/escope. Accessed: 11-12-2019."},{"key":"e_1_3_2_2_22_1","unstructured":"Github. JavaScript Obfuscator. https:\/\/github.com\/javascript-obfuscator\/javascript-obfuscator. Accessed: 11-12-2019."},{"key":"e_1_3_2_2_23_1","unstructured":"Github. Puppeteer. https:\/\/github.com\/GoogleChrome\/puppeteer. Accessed: 11-12-2019."},{"key":"e_1_3_2_2_24_1","unstructured":"Github. UglifyJS \u00e2\u0102\u015e a JavaScript parser\/compressor\/beautifier. https:\/\/github.com\/mishoo\/UglifyJS. Accessed: 11-12-2019."},{"key":"e_1_3_2_2_25_1","unstructured":"Github. Web Page Replay. https:\/\/github.com\/catapult-project\/catapult\/tree\/master\/web_page_replay_go. Accessed: 11-12-2019."},{"key":"e_1_3_2_2_26_1","unstructured":"github.io. Chrome DevTools Protocol Viewer. https:\/\/chromedevtools.github.io\/devtools-protocol\/. Accessed: 11-12-2019."},{"key":"e_1_3_2_2_27_1","volume-title":"Sophos Technical Papers (2010)","author":"Howard F.","year":"2010","unstructured":"F. Howard. Malware with your Mocha? Obfuscation and antiemulation tricks in malicious JavaScript. In Sophos Technical Papers (2010), 2010."},{"key":"e_1_3_2_2_28_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00005"},{"key":"e_1_3_2_2_29_1","unstructured":"Javascript Obfuscator. Javascript Obfuscator. https:\/\/javascriptobfuscator.com\/default.aspx. Accessed: 05-30-2020."},{"key":"e_1_3_2_2_30_1","doi-asserted-by":"publisher","DOI":"10.23940\/ijpe.18.12.p26.31673173"},{"key":"e_1_3_2_2_31_1","doi-asserted-by":"publisher","DOI":"10.1109\/AISP.2015.7123508"},{"key":"e_1_3_2_2_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/3355369.3355599"},{"key":"e_1_3_2_2_33_1","unstructured":"Scott Kaplan Benjamin Livshits Benjamin Zorn Christian Siefert and Charlie Curtsinger. \" NOFUS: Automatically Detecting\"+ String. fromCharCode (32)+\" ObFuSCateD\". toLowerCase ()+\" JavaScript Code. In Technical report Technical Report MSR-TR 2011-57 Microsoft Research 2011."},{"key":"e_1_3_2_2_34_1","volume-title":"Proceedings of the USENIX Security Symposium","author":"Kapravelos Alexandros","year":"2013","unstructured":"Alexandros Kapravelos, Yan Shoshitaishvili, Marco Cova, Christopher Kruegel, and Giovanni Vigna. Revolver: An automated approach to the detection of evasive web-based malware. In Proceedings of the USENIX Security Symposium, 2013."},{"key":"e_1_3_2_2_35_1","unstructured":"Kaspersky. Chrome 0-day exploit cve-2019-13720 used in operation wizardopium. https:\/\/securelist.com\/chrome-0-day-exploit-cve-2019-13720-used-in-operation-wizardopium\/94866\/. Accessed: 11-11-2019."},{"key":"e_1_3_2_2_36_1","volume-title":"International Journal of Advanced Science and Technology","author":"Kim Byung-Ik","year":"2011","unstructured":"Byung-Ik Kim, Chae-Tae Im, and Hyun-Chul Jung. Suspicious malicious web site detection with strength analysis of a javascript obfuscation. In International Journal of Advanced Science and Technology, 2011."},{"key":"e_1_3_2_2_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/3038912.3052674"},{"key":"e_1_3_2_2_38_1","volume-title":"Proceedings of the IEEE Symposium on Security and Privacy","author":"Kolbitsch Clemens","year":"2012","unstructured":"Clemens Kolbitsch, Benjamin Livshits, Benjamin Zorn, and Christian Seifert. Rozzle: De-cloaking internet malware. In Proceedings of the IEEE Symposium on Security and Privacy, 2012."},{"key":"e_1_3_2_2_39_1","volume-title":"Computer Science","author":"Li Min","year":"2016","unstructured":"Min Li, Ying Zhou, Min Yu, and Chao Liu. Combining static and dynamic analysis for the detection of malicious JavaScript-bearing PDF documents. In Computer Science, Technology and Application, 2016."},{"key":"e_1_3_2_2_40_1","doi-asserted-by":"publisher","DOI":"10.1109\/MALWARE.2009.5403020"},{"key":"e_1_3_2_2_41_1","volume-title":"Lu and Saumya Debray. Automatic Simplification of Obfuscated JavaScript Code: A Semantics-Based Approach. In 2012 IEEE Sixth International Conference on Software Security and Reliability","author":"Gen","year":"2012","unstructured":"Gen Lu and Saumya Debray. Automatic Simplification of Obfuscated JavaScript Code: A Semantics-Based Approach. In 2012 IEEE Sixth International Conference on Software Security and Reliability, 2012."},{"key":"e_1_3_2_2_42_1","first-page":"14","volume":"1","author":"Battery Status API.","unstructured":"Mozilla. Battery Status API. https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/API\/Battery_Status_API. Accessed 11-14-2019.","journal-title":"API. Accessed"},{"key":"e_1_3_2_2_43_1","unstructured":"Mozilla Web Docs. Source code submission. https:\/\/developer.mozilla.org\/en-US\/docs\/Mozilla\/Add-ons\/Source_Code_Submission. Accessed: 11-09-2019."},{"key":"e_1_3_2_2_44_1","unstructured":"Mozilla Web Docs. Standard Built-in Objects. https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/JavaScript\/Reference\/Global_Objects. Accessed: 11-09-2019."},{"key":"e_1_3_2_2_45_1","unstructured":"NPM. JavaScript Obfuscator. https:\/\/www.npmjs.com\/package\/javascript-obfuscator. Accessed: 11-12-2019."},{"key":"e_1_3_2_2_46_1","unstructured":"Obfuscator.io. Obfuscator.io. https:\/\/obfuscator.io\/. Accessed: 05-30-2020."},{"key":"e_1_3_2_2_47_1","series-title":"Lecture Notes in Computer Science","volume-title":"The leaking battery - A privacy analysis of the HTML5 Battery Status API","author":"Olejnik \u0141ukasz","year":"2015","unstructured":"\u0141ukasz Olejnik, Gunes Acar, Claude Castelluccia, and Claudia Diaz. The leaking battery - A privacy analysis of the HTML5 Battery Status API. Lecture Notes in Computer Science, 2015."},{"key":"e_1_3_2_2_48_1","unstructured":"Online Version. JavaScript Obfuscator. https:\/\/obfuscator.io\/. Accessed: 11-12-2019."},{"key":"e_1_3_2_2_49_1","doi-asserted-by":"publisher","DOI":"10.1145\/3098954.3120928"},{"key":"e_1_3_2_2_50_1","volume-title":"Proceedings of the USENIX Security Symposium","author":"Provos Niels","year":"2008","unstructured":"Niels Provos, Panayiotis Mavrommatis, Moheeb Rajab, and Fabian Monrose. All your iframes point to us. In Proceedings of the USENIX Security Symposium, 2008."},{"key":"e_1_3_2_2_51_1","volume-title":"Proceedings of the USENIX Security Symposium","author":"Ratanaworabhan Paruj","year":"2009","unstructured":"Paruj Ratanaworabhan, V Benjamin Livshits, and Benjamin G Zorn. Nozzle: A defense against heap-spraying code injection attacks. In Proceedings of the USENIX Security Symposium, 2009."},{"key":"e_1_3_2_2_52_1","unstructured":"Scitki Learn Documentation. Scikit Learn DBSCAN. https:\/\/scikit-learn.org\/stable\/modules\/generated\/sklearn.cluster.DBSCAN.html#sklearn.cluster. DBSCAN. Accessed: 11-12-2019."},{"key":"e_1_3_2_2_53_1","doi-asserted-by":"publisher","DOI":"10.1145\/3308558.3313752"},{"key":"e_1_3_2_2_54_1","unstructured":"Technology Lookup. CDN Usage Distribution in the Top 1 Million Sites. https:\/\/trends.builtwith.com\/cdn. Accessed: 11-12-2019."},{"key":"e_1_3_2_2_55_1","unstructured":"VirusTotal. Analyze suspicious files and URLs to detect types of malware automatically share them with the security community. http:\/\/mathworld.wolfram.com\/HarmonicMean.html. Accessed: 11-13-2019."},{"key":"e_1_3_2_2_56_1","unstructured":"Wolfram MathWorld. Harmonic Mean. http:\/\/mathworld.wolfram.com\/HarmonicMean.html. Accessed: 11-12-2019."},{"key":"e_1_3_2_2_57_1","doi-asserted-by":"publisher","DOI":"10.1109\/MALWARE.2012.6461002"},{"key":"e_1_3_2_2_58_1","doi-asserted-by":"publisher","DOI":"10.1145\/2435349.2435364"},{"key":"e_1_3_2_2_59_1","unstructured":"ZS Wang. jfogs. https:\/\/github.com\/zswang\/jfogs. Accessed: 05-30-2020."}],"event":{"name":"IMC '20: ACM Internet Measurement Conference","location":"Virtual Event USA","acronym":"IMC '20","sponsor":["SIGCOMM ACM Special Interest Group on Data Communication","SIGMETRICS ACM Special Interest Group on Measurement and Evaluation"]},"container-title":["Proceedings of the ACM Internet Measurement Conference"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3419394.3423616","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3419394.3423616","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,12,15]],"date-time":"2025-12-15T23:36:28Z","timestamp":1765841788000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3419394.3423616"}},"subtitle":["Detecting JavaScript Obfuscation through Concealed Browser API Usage"],"short-title":[],"issued":{"date-parts":[[2020,10,27]]},"references-count":59,"alternative-id":["10.1145\/3419394.3423616","10.1145\/3419394"],"URL":"https:\/\/doi.org\/10.1145\/3419394.3423616","relation":{},"subject":[],"published":{"date-parts":[[2020,10,27]]},"assertion":[{"value":"2020-10-27","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}