{"id":"https://openalex.org/W3094180604","doi":"https://doi.org/10.1145/3419394.3423616","title":"Hiding in Plain Site","display_name":"Hiding in Plain Site","publication_year":2020,"publication_date":"2020-10-22","ids":{"openalex":"https://openalex.org/W3094180604","doi":"https://doi.org/10.1145/3419394.3423616","mag":"3094180604"},"language":"en","primary_location":{"id":"doi:10.1145/3419394.3423616","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3419394.3423616","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the ACM Internet Measurement Conference","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5044901966","display_name":"Shaown Sarker","orcid":null},"institutions":[{"id":"https://openalex.org/I137902535","display_name":"North Carolina State University","ror":"https://ror.org/04tj63d06","country_code":"US","type":"education","lineage":["https://openalex.org/I137902535"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Shaown Sarker","raw_affiliation_strings":["North Carolina State University"],"affiliations":[{"raw_affiliation_string":"North Carolina State University","institution_ids":["https://openalex.org/I137902535"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5087177121","display_name":"Jordan Jueckstock","orcid":null},"institutions":[{"id":"https://openalex.org/I137902535","display_name":"North Carolina State University","ror":"https://ror.org/04tj63d06","country_code":"US","type":"education","lineage":["https://openalex.org/I137902535"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Jordan Jueckstock","raw_affiliation_strings":["North Carolina State University"],"affiliations":[{"raw_affiliation_string":"North Carolina State University","institution_ids":["https://openalex.org/I137902535"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5041544321","display_name":"Alexandros Kapravelos","orcid":"https://orcid.org/0000-0002-8839-8521"},"institutions":[{"id":"https://openalex.org/I137902535","display_name":"North Carolina State University","ror":"https://ror.org/04tj63d06","country_code":"US","type":"education","lineage":["https://openalex.org/I137902535"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Alexandros Kapravelos","raw_affiliation_strings":["North Carolina State University"],"affiliations":[{"raw_affiliation_string":"North Carolina State University","institution_ids":["https://openalex.org/I137902535"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5044901966"],"corresponding_institution_ids":["https://openalex.org/I137902535"],"apc_list":null,"apc_paid":null,"fwci":3.2028,"has_fulltext":false,"cited_by_count":19,"citation_normalized_percentile":{"value":0.93430712,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":95,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"648","last_page":"661"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9986000061035156,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/javascript","display_name":"JavaScript","score":0.8566312789916992},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8413760662078857},{"id":"https://openalex.org/keywords/obfuscation","display_name":"Obfuscation","score":0.8350926637649536},{"id":"https://openalex.org/keywords/scripting-language","display_name":"Scripting language","score":0.6918717622756958},{"id":"https://openalex.org/keywords/static-analysis","display_name":"Static analysis","score":0.6043715476989746},{"id":"https://openalex.org/keywords/source-code","display_name":"Source code","score":0.49762824177742004},{"id":"https://openalex.org/keywords/static-program-analysis","display_name":"Static program analysis","score":0.4721163511276245},{"id":"https://openalex.org/keywords/filter","display_name":"Filter (signal processing)","score":0.4533866345882416},{"id":"https://openalex.org/keywords/client-side-scripting","display_name":"Client-side scripting","score":0.45280057191848755},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.4317772388458252},{"id":"https://openalex.org/keywords/web-browser","display_name":"Web browser","score":0.4265681505203247},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.3763435184955597},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.3303431272506714},{"id":"https://openalex.org/keywords/web-api","display_name":"Web API","score":0.28722962737083435},{"id":"https://openalex.org/keywords/web-server","display_name":"Web server","score":0.2553189992904663},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.2517697215080261},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.2421075999736786}],"concepts":[{"id":"https://openalex.org/C544833334","wikidata":"https://www.wikidata.org/wiki/Q2005","display_name":"JavaScript","level":2,"score":0.8566312789916992},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8413760662078857},{"id":"https://openalex.org/C40305131","wikidata":"https://www.wikidata.org/wiki/Q2616305","display_name":"Obfuscation","level":2,"score":0.8350926637649536},{"id":"https://openalex.org/C61423126","wikidata":"https://www.wikidata.org/wiki/Q187432","display_name":"Scripting language","level":2,"score":0.6918717622756958},{"id":"https://openalex.org/C97686452","wikidata":"https://www.wikidata.org/wiki/Q7604153","display_name":"Static analysis","level":2,"score":0.6043715476989746},{"id":"https://openalex.org/C43126263","wikidata":"https://www.wikidata.org/wiki/Q128751","display_name":"Source code","level":2,"score":0.49762824177742004},{"id":"https://openalex.org/C137287247","wikidata":"https://www.wikidata.org/wiki/Q1329550","display_name":"Static program analysis","level":4,"score":0.4721163511276245},{"id":"https://openalex.org/C106131492","wikidata":"https://www.wikidata.org/wiki/Q3072260","display_name":"Filter (signal processing)","level":2,"score":0.4533866345882416},{"id":"https://openalex.org/C195274430","wikidata":"https://www.wikidata.org/wiki/Q1650567","display_name":"Client-side scripting","level":5,"score":0.45280057191848755},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.4317772388458252},{"id":"https://openalex.org/C2983909278","wikidata":"https://www.wikidata.org/wiki/Q6368","display_name":"Web browser","level":3,"score":0.4265681505203247},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.3763435184955597},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.3303431272506714},{"id":"https://openalex.org/C127613066","wikidata":"https://www.wikidata.org/wiki/Q557770","display_name":"Web API","level":4,"score":0.28722962737083435},{"id":"https://openalex.org/C11392498","wikidata":"https://www.wikidata.org/wiki/Q11288","display_name":"Web server","level":3,"score":0.2553189992904663},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.2517697215080261},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.2421075999736786},{"id":"https://openalex.org/C31972630","wikidata":"https://www.wikidata.org/wiki/Q844240","display_name":"Computer vision","level":1,"score":0.0},{"id":"https://openalex.org/C529173508","wikidata":"https://www.wikidata.org/wiki/Q638608","display_name":"Software development","level":3,"score":0.0},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.0},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3419394.3423616","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3419394.3423616","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the ACM Internet Measurement Conference","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G1749770900","display_name":null,"funder_award_id":"N00014-17-1-2541","funder_id":"https://openalex.org/F4320338399","funder_display_name":"Office of Academic Research, U.S. Naval Academy"},{"id":"https://openalex.org/G4683711888","display_name":null,"funder_award_id":"CNS-1703375","funder_id":"https://openalex.org/F4320322898","funder_display_name":"Shota Rustaveli National Science Foundation"}],"funders":[{"id":"https://openalex.org/F4320322898","display_name":"Shota Rustaveli National Science Foundation","ror":"https://ror.org/00xc87681"},{"id":"https://openalex.org/F4320338399","display_name":"Office of Academic Research, U.S. Naval Academy","ror":null}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":34,"referenced_works":["https://openalex.org/W58852127","https://openalex.org/W1491081130","https://openalex.org/W1519699895","https://openalex.org/W1520941164","https://openalex.org/W1538001410","https://openalex.org/W1631722984","https://openalex.org/W1792275236","https://openalex.org/W1970867218","https://openalex.org/W2026054276","https://openalex.org/W2044675702","https://openalex.org/W2075344129","https://openalex.org/W2095450067","https://openalex.org/W2107044056","https://openalex.org/W2114793359","https://openalex.org/W2116761843","https://openalex.org/W2146567535","https://openalex.org/W2171726649","https://openalex.org/W2474220815","https://openalex.org/W2530163632","https://openalex.org/W2561675875","https://openalex.org/W2604507227","https://openalex.org/W2742244373","https://openalex.org/W2800651024","https://openalex.org/W2907921331","https://openalex.org/W2912248945","https://openalex.org/W2980770947","https://openalex.org/W3015975623","https://openalex.org/W4234713688","https://openalex.org/W4298134634","https://openalex.org/W4386785143","https://openalex.org/W6671777941","https://openalex.org/W6674517494","https://openalex.org/W6674628898","https://openalex.org/W6731631622"],"related_works":["https://openalex.org/W4387947354","https://openalex.org/W4388483122","https://openalex.org/W4387126921","https://openalex.org/W3030592833","https://openalex.org/W2354385412","https://openalex.org/W3037087970","https://openalex.org/W2032897247","https://openalex.org/W4297908618","https://openalex.org/W2985048382","https://openalex.org/W4240545424"],"abstract_inverted_index":{"In":[0],"this":[1,66,129],"paper,":[2],"we":[3,68,109,137,144,177],"perform":[4],"a":[5,21,30,70,88,91,104],"large-scale":[6],"measurement":[7],"study":[8],"of":[9,12,29,52,120,141,180,191],"JavaScript":[10],"obfuscation":[11,171,182],"browser":[13,38,41,80],"APIs":[14,154],"in":[15,111],"the":[16,53,84,95,125,132,142,169,174,189],"wild.":[17],"We":[18,93,162],"rely":[19,187],"on":[20,124,173,188],"simple,":[22],"but":[23],"powerful":[24],"observation:":[25],"if":[26],"dynamic":[27,101],"analysis":[28,51,72,102,106],"script's":[31,54],"behavior":[32,59],"(specifically,":[33],"how":[34,115],"it":[35],"interacts":[36],"with":[37,49],"APIs)":[39],"reveals":[40],"API":[42,81,96],"feature":[43],"usage":[44],"that":[45,58,108,139,155,164,184],"cannot":[46,156],"be":[47,157],"reconciled":[48],"static":[50,105,160],"source":[55],"code,":[56],"then":[57],"is":[60,122,166],"obfuscated.":[61],"To":[62],"quantify":[63,114],"and":[64,117,176],"test":[65],"observation,":[67],"create":[69],"hybrid":[71],"platform":[73],"using":[74],"instrumented":[75],"Chromium":[76],"to":[77,113],"log":[78],"all":[79],"accesses":[82],"by":[83],"scripts":[85],"executed":[86],"when":[87],"user":[89],"visits":[90],"page.":[92],"filter":[94],"access":[97],"traces":[98],"from":[99,159],"our":[100],"through":[103],"tool":[107],"developed":[110],"order":[112],"much":[116],"what":[118],"kind":[119],"functionality":[121],"hidden":[123],"web.":[126],"When":[127],"applying":[128],"methodology":[130],"across":[131],"Alexa":[133],"top":[134],"100k":[135],"domains,":[136],"discover":[138],"95.90%":[140],"domains":[143],"successfully":[145],"visited":[146],"contain":[147],"at":[148],"least":[149],"one":[150],"script":[151],"which":[152],"invokes":[153],"resolved":[158],"analysis.":[161],"observe":[163],"eval":[165],"no":[167,185],"longer":[168,186],"prominent":[170],"method":[172],"web":[175],"uncover":[178],"families":[179],"novel":[181],"techniques":[183],"use":[190],"eval.":[192]},"counts_by_year":[{"year":2025,"cited_by_count":4},{"year":2024,"cited_by_count":3},{"year":2023,"cited_by_count":4},{"year":2022,"cited_by_count":5},{"year":2021,"cited_by_count":3}],"updated_date":"2026-02-25T23:00:34.991745","created_date":"2025-10-10T00:00:00"}