Static Analysis of Malicious Java Applets

Abstract

In this research we consider the problem of detecting malicious Java applets, based on static analysis. Dynamic analysis can be more informative, since it is immune to many common obfuscation techniques, while static analysis is often more efficient, since it does not require code execution or emulation. Consequently, static analysis is generally preferred, provided the results are comparable to those obtained using dynamic analysis. We conduct experiments using three techniques that have been employed in previous studies of metamorphic malware. We show that our static approach can detect malicious Java applets with greater accuracy than previously published research that relied on dynamic analysis.