Browser tool aims to help researchers ID malicious websites, code

Researchers at North Carolina State University have developed an open-source tool that allows users to track and record the behavior of JavaScript programs without alerting the websites that run those programs. The tool, called VisibleV8, runs in the Chrome browser and is designed to detect malicious programs that are capable of evading existing malware detection systems.

"When you go to most websites, your browser starts running the site's JavaScript programs pretty much immediately -- and you have little or no idea of what that JavaScript is doing," says Alexandros Kapravelos, co-author of a paper on VisibleV8. "Previous state-of-the-art malware detection systems rely on making changes to JavaScript code to see how the code is being executed. But this approach is easily detected, allowing malware programs to alter their behavior to avoid being identified as malicious."

VisibleV8 runs in the browser itself, recording how JavaScript is executed; it doesn't interact with the code and, as a result, is far more difficult to detect, he says.

VisibleV8 saves all the data on how a site is using JavaScript, creating a "behavior profile" for the site. That profile, and all the supporting data, can then be used by researchers to identify both malicious websites and the various ways that JavaScript is used to compromise web browsers and user information.

"We've created a stealthy tool for monitoring JavaScript," Kapravelos says. "We're now making it open source, in hopes that it will be useful to anyone doing research on web privacy and security."

VisibleV8 can be downloaded from Kapravelos' site at http://kapravelos.com/projects/vv8.

The paper, "VisibleV8: In-browser Monitoring of JavaScript in the Wild," was presented at the ACM Internet Measurement Conference 2019, held October 21-23 in Amsterdam, the Netherlands.

The research is funded by NSF's Directorate for Computer & Information Science & Engineering.