Computing Reviews
Partial evaluation of string obfuscations for Java malware detection
Chawdhary A., Singh R., King A. Formal Aspects of Computing 29(1): 33-55, 2017. Type: Article
Date Reviewed: Oct 2 2017

Cyber security has become a major concern in government, industry, and academia and in the everyday lives of individuals. How we secure our information systems and maintain the privacy and integrity of our online presence and data is a significant concern. Recent events include the Office of Personnel Management (OPM) data breach of 2015, which exposed the personal information of more than 22 million current and former federal employees. More recently, the credit reporting agency Equifax was hacked and the personal information of 143 million people was exposed.

Identifying common vulnerabilities and exposures (CVEs) and methods of exploitation can contribute to more secure systems through better-aligned antivirus products. This paper presents an experiment applying five CVEs taken from Metasploit’s Java applet malware samples and executes a “partial evaluator for Jimple focused on the Java string and reflection [application programming interface, API].” The experiment used eight separate commercial antivirus products to execute the five CVEs under four separate experimental treatments. The five CVEs included the following Java applet exploits: remote code execution, JAX WS remote code execution, JMX remote code execution, method handle remote code execution, and provider skeleton insecure invoke method. The four treatments included: no obfuscation, string obfuscation, reflection obfuscation, and a combination of both string and reflection obfuscation. The results were mixed and provided a 95 percent malware detection rate for only one of the antivirus products, which was shown to enjoy only three percent of the antivirus commercial market.

The main contribution of the research is the development of a partial evaluator in Jimple, with an extended syntax and semantics that is described in twelve pages of detail. The experiment is of keen interest and would be of even greater research value if it were described with sufficient detail to repeat and reproduce the results.

Reviewer:  Nancy Eickelmann Review #: CR145570 (1712-0814)
Partial Evaluation (F.3.2 ... )
Java (D.3.2 ... )
Semantics (D.3.1 ... )
Syntax (D.3.1 ... )
Security and Protection (D.4.6 )
Security and Protection (K.6.5 )
Reproduction in whole or in part without permission is prohibited.   Copyright 1999-2024 ThinkLoud®