Evaluation and Comparison of Dynamic Call Graph Generators for JavaScript

Zoltán Herczeg, Gábor Lóki

Abstract

JavaScript is the most popular programming language these days and it is also the core language of the node.js environment. Sharing code is a simple task in this environment and the shared code can be easily reused as building blocks to create new applications. This vibrant and ever-growing environment is not perfect though. Due to the large amount of reused code, even simple applications can have a lot of indirect dependencies. Developers may not even be aware of the fact that some of these dependencies could contain malware, since harmful code can be hidden relatively easily due to the dynamic nature of JavaScript. Dynamic software analysis is one way of detecting suspicious activities. Call graphs can reveal the internal workings of an application and they have been used successfully for malware detection. In node.js, no tool has been available for directly generating JavaScript call graphs before. In this paper, we are going to introduce three tools that can be used to generate call graphs for further analysis. We show that call graphs contain a significant amount of engine-specific information but filters can be used to reduce such differences.



Paper Citation


in Harvard Style

Herczeg Z. and Lóki G. (2019). Evaluation and Comparison of Dynamic Call Graph Generators for JavaScript. In Proceedings of the 14th International Conference on Evaluation of Novel Approaches to Software Engineering - Volume 1: ENASE, ISBN 978-989-758-375-9, pages 472-479. DOI: 10.5220/0007752904720479


in Bibtex Style

@conference{enase19,
author={Zoltán Herczeg and Gábor Lóki},
title={Evaluation and Comparison of Dynamic Call Graph Generators for JavaScript},
booktitle={Proceedings of the 14th International Conference on Evaluation of Novel Approaches to Software Engineering - Volume 1: ENASE},
year={2019},
pages={472-479},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0007752904720479},
isbn={978-989-758-375-9},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 14th International Conference on Evaluation of Novel Approaches to Software Engineering - Volume 1: ENASE
TI - Evaluation and Comparison of Dynamic Call Graph Generators for JavaScript
SN - 978-989-758-375-9
AU - Herczeg Z.
AU - Lóki G.
PY - 2019
SP - 472
EP - 479
DO - 10.5220/0007752904720479