This repo contains the data from our submission titled "Wobfuscator: Obfuscating JavaScript Malware via Opportunistic Translation to WebAssembly".
The detectors we compare against in our paper (Cujo, Zozzle, JaSt, and JStap) are trained against a set of benign and malicious samples. Our benign samples come from the 150k Javascript Dataset dataset made public by ETH Zürich. The malicious samples come from three datasets. Two datasets are made available: the Javascript Malware Collection by HynekPetrak and the Malicious Javascript Dataset by GeeksOnSecurity. The third dataset is provided by VirusTotal. This dataset can be obtained by requesting it from them.
We provide the detection results obtained by applying different combinations of our transformation rules against each of the detection tools described in the paper. The results are in the Data
directory in CSV and Excel format.
In our correctness validation and efficiency measurement, we use the following npm modules:
We provide these packages with the translations applied under the Projects
directory. These packages have had the library files (and test files for node-fetch) transformed using all of the transformation rules. The following directories of each project are where the library files are located (and where our transformations are applied):
- Lodash:
.internal
- Chalk:
source
- Commander.js:
index.js
- Debug:
src
- Async:
lib/internal
- Node-Fetch:
src
,test
For each of these locations, we also provide the original, unobfuscated library files in directories with _original
appended to the names above, e.g. .internal_original
for lodash.