Treffer: JSimpo: Structural Deobfuscation of JavaScript Programs.

JavaScript (JS) obfuscation is now prevalent among popular websites and introduces challenges for malware detection and code review. Given an obfuscated JS program, existing deobfuscation techniques aim to recover the original JS program. However, these techniques overlook structural obfuscation (e.g., control-flow flattening), which causes deobfuscation to have a sub-optimal success rate. To address these challenges, in this article, we propose the first approach of structural deobfuscation named JSimpo for JS programs with two novel techniques: slice symbolic execution and dynamic code execution. We implement our JSimpo approach and evaluate it on 2,000 JS programs from the top 100 JS projects on GitHub. The evaluation results show that JSimpo can effectively conduct structural deobfuscation, boosting the average structural similarity to 78.41% (from 39.33%) between obfuscated programs and their original programs, whereas the best of the state-of-the-art/practice deobfuscators can achieve only 62.64%. The results also show JSimpo's generalization ability over programs obfuscated by various obfuscators. Additionally, JSimpo preserves the semantics of deobfuscated programs by passing all test cases that obfuscated programs have passed. [ABSTRACT FROM AUTHOR]

Copyright of ACM Transactions on Software Engineering & Methodology is the property of Association for Computing Machinery and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)