Title
FlashDetect: ActionScript 3 malware detection
Abstract
Adobe Flash is present on nearly every PC, and it is increasingly being targeted by malware authors. Despite this, research into methods for detecting malicious Flash files has been limited. Similarly, there is very little documentation available about the techniques commonly used by Flash malware. Instead, most research has focused on JavaScript malware. This paper discusses common techniques such as heap spraying, JIT spraying, and type confusion exploitation in the context of Flash malware. Where applicable, these techniques are compared to those used in malicious JavaScript. Subsequently, FlashDetect is presented, an offline Flash file analyzer that uses both dynamic and static analysis, and that can detect malicious Flash files using ActionScript 3. FlashDetect classifies submitted files using a naive Bayesian classifier based on a set of predefined features. Our experiments show that FlashDetect has high classification accuracy, and that its efficacy is comparable with that of commercial anti-virus products.
Year: 2012
DOI: 10.1007/978-3-642-33338-5_14
Venue: RAID
Keywords: malware author, malware detection, flash malware, adobe flash, malicious javascript, malicious flash, offline flash file analyzer, common technique, javascript malware, commercial anti-virus product, malicious flash file
Field: Confusion, Heap spraying, Computer science, Computer security, JIT spraying, Static analysis, ActionScript, Malware, Documentation, JavaScript
DocType: Conference
Citations: 3
PageRank: 0.40
References: 7
Authors: 3
Name | Order | Citations | PageRank
Timon Van Overveldt | 1 | 13 | 1.30
Christopher Kruegel | 2 | 8799 | 516.05
Giovanni Vigna | 3 | 7121 | 507.72