Evasion attacks against statistical code obfuscation detectors

Research output: Chapter in Book/Report/Conference proceedingConference contribution


In the domain of information security, code obfuscation is a feature often employed for malicious purposes. For example there have been quite a few papers reporting that obfuscated JavaScript frequently comes with malicious functionality such as redirecting to external malicious websites. In order to capture such obfuscation, a class of detectors based on statistical features of code, mostly n-grams have been proposed and been claimed to achieve high detection accuracy. In this paper, we formalize a common scenario between defenders who maintain the statistical obfuscation detectors and adversaries who want to evade the detection. Accordingly, we create two kinds of evasion attack methods and evaluate the robustness of statistical detectors under such attacks. Experimental results show that statistical obfuscation detectors can be easily fooled by a sophisticated adversary even in worst case scenarios.

Original languageEnglish
Title of host publicationAdvances in Information and Computer Security - 12th International Workshop on Security, IWSEC 2017, Proceedings
EditorsSatoshi Obana, Koji Chida
PublisherSpringer Verlag
Number of pages17
ISBN (Print)9783319641997
Publication statusPublished - 2017
Event12th International Workshop on Security, IWSEC 2017 - Hiroshima, Japan
Duration: Aug 30 2017Sept 1 2017

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume10418 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


Other12th International Workshop on Security, IWSEC 2017

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • General Computer Science


Dive into the research topics of 'Evasion attacks against statistical code obfuscation detectors'. Together they form a unique fingerprint.

Cite this