2014 • In Proc. of the 17th Intl. Workshop on Nature Inspired Distributed Computing (NIDISC 2014), part of the 28th IEEE/ACM Intl. Parallel and Distributed Processing Symposium (IPDPS 2014)
With the advent of the Cloud Computing (CC) paradigm and the explosion of new Web Services proposed over the Internet (such as Google Office Apps, Dropbox or Doodle), the protection of the programs at the heart of these services becomes more and more crucial, especially for the companies doing business on top of these services. The majority of these services now use the JavaScript programming language to interact with the user, as all modern web browsers – whether on desktops, game consoles, tablets or smart phones – include JavaScript interpreters, making it the most ubiquitous programming language in history. This context renews interest in obfuscation techniques, i.e. rendering a program "unintelligible" without altering its functionality. The objective is to prevent reverse-engineering of the program for a certain period of time – absolute protection by this means being unrealistic, since stand-alone obfuscation for arbitrary programs was proven impossible in 2001. In [11], we presented JSHADOBF, an obfuscation framework based on evolutionary heuristics designed to optimize, for a given input JavaScript program, the sequence of transformations that should be applied to the source code to improve its obfuscation capacity. Measuring this capacity is based on the combination of several metrics optimized simultaneously with Multi-Objective Evolutionary Algorithms (MOEAs). In this paper, we extend and complete the experiments made around JSHADOBF to analyze the impact of the underlying Multi-Objective Evolutionary Algorithm (MOEA) on the obfuscation process. In particular, we compare the performance of NSGA-II and MOEAD (two reference algorithms in the optimization domain) on top of JSHADOBF to obfuscate first a pedagogical program inherited from linear algebra, then one of the most popular and widely used JavaScript libraries: JQuery.
Research center :
ULHPC - University of Luxembourg: High Performance Computing
Disciplines :
Computer science
Author, co-author :
Bertholon, Benoit ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
Varrette, Sébastien ; University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC)
Bouvry, Pascal ; University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC)
Language :
English
Title :
Comparison of Multi-objective Optimization Algorithms for the JShadObf JavaScript Obfuscator
Publication date :
May 2014
Event name :
17th Intl. Workshop on Nature Inspired Distributed Computing (NIDISC 2014)
Event place :
Phoenix, United States - Arizona
Event date :
May 2014
Audience :
International
Main work title :
Proc. of the 17th Intl. Workshop on Nature Inspired Distributed Computing (NIDISC 2014), part of the 28th IEEE/ACM Intl. Parallel and Distributed Processing Symposium (IPDPS 2014)
Publisher :
IEEE Computer Society, Phoenix, Arizona, USA, Unknown/unspecified
B. Barak, O. Goldreich, R. Impagliazzo, S. Rudich, A. Sahai, S. Vadhan, and K. Yang, "On the (im)possibility of obfuscating programs," 2001.
B. Bertholon, S. Varrette, and P. Bouvry, "JShadObf: A JavaScript Obfuscator based on Multi-objective Optimization Algorithms," in Proc. of the IEEE Intl. Conf. on Network and System Security (NSS 2013). Madrid, Spain: IEEE Computer Society, June 2013.
H.-C. J. Byung-Ik Kim, Chae-Tae Im, "Suspicious malicious web site detection with strength analysis of a javascript obfuscation," International Journal of Advanced Science and Technology.
C. Collberg and J. Nagra, Surreptitious Software: Obfuscation, Watermarking, and Tamperproofing for Software Protection. Addison-Wesley Professional, 2009.
C. Darwin, The Origin of Species. John Murray, 1859.
K. Deb, S. Agrawal, A. Pratap, and T. Meyarivan, "A fast elitist non-dominated sorting genetic algorithm for multi-objective optimization: Nsga-ii." Springer, 2000, pp. 849-858.
"A fast elitist multiobjective genetic algorithm : Nsgaii," IEEE Transactions on Evolutionary Computation, vol. Vol 6, No 2, 2002.
B. Feinstein and D. Peck, "Caffeine monkey: Automated collection, detection and analysis of malicious javascript," in DEFCON 15, 2007.
D. Flanagan, JavaScript: The Definitive Guide Activate Your Web Pages, 6th ed. O'Reilly Media, Inc., 2011.
M. H. Halstead, "Elements of software science," 1977.
W. A. Harrison and K. I. Magel, "A complexity measure based on nesting level," SIGPLAN Notices, vol. 16(3):63-74, 1981.
S. Henry and D. Kafura, "Software structure metrics based on information flow," IEEE Transactions on Software Engineering, vol. SE-7, no. 5, 1981.
E. C. M. A. International, ECMA-262: ECMAScript Language Specification, 3rd ed. Geneva, Switzerland: ECMA (European Association for Standardizing Information and Communication Systems), Dec. 1999. [Online]. Available: http://www.ecma-international.org/publications/standards/Ecma-327.htm
H. Li and Q. Zhang, "Multiobjective Optimization Problems With Complicated Pareto Sets, MOEA/D and NSGA-II," IEEE Transactions on Evolutionary Computation, vol. 13, no. 2, pp. 229-242, April 2009.
T. J. McCabe, "A complexity measure," IEEE Transactions on Software Engineering, vol. SE-2, no. 4, 1976.
E. I. Oviedo, "Control flow, data flow, and program complexity," Proceedings of IEEE COMPSAC, pp. 146-152, 1980.
T. J. Parr, T. J. Parr, and R. W. Quong, "Antlr: A predicated-ll(k) parser generator," 1995. [Online]. Available: http://www.antlr.org/
C. R. Reeves and J. E. Rowe, Genetic algorithms: principles and perspectives. A guide to GA theory. Kluwer Academic Publishers, 2003.