2012 | OriginalPaper | Book chapter
FlashDetect: ActionScript 3 Malware Detection
Written by: Timon Van Overveldt, Christopher Kruegel, Giovanni Vigna
Published in: Research in Attacks, Intrusions, and Defenses
Publisher: Springer Berlin Heidelberg
Adobe Flash is present on nearly every PC, and it is increasingly being targeted by malware authors. Despite this, research into methods for detecting malicious Flash files has been limited. Similarly, there is very little documentation available about the techniques commonly used by Flash malware. Instead, most research has focused on JavaScript malware.
This paper discusses common techniques such as heap spraying, JIT spraying, and type confusion exploitation in the context of Flash malware. Where applicable, these techniques are compared to those used in malicious JavaScript. Subsequently, FlashDetect is presented, an offline Flash file analyzer that uses both dynamic and static analysis, and that can detect malicious Flash files using ActionScript 3. FlashDetect classifies submitted files using a naive Bayesian classifier based on a set of predefined features. Our experiments show that FlashDetect has high classification accuracy, and that its efficacy is comparable with that of commercial anti-virus products.