Explore / benchmark humanify against "JsDeObsBench: Measuring and Benchmarking LLMs for JavaScript Deobfuscation" #539
Description
- https://arxiv.org/abs/2506.20170
-
JsDeObsBench: Measuring and Benchmarking LLMs for JavaScript Deobfuscation
-
Deobfuscating JavaScript (JS) code poses a significant challenge in web security, particularly as obfuscation techniques are frequently used to conceal malicious activities within scripts. While Large Language Models (LLMs) have recently shown promise in automating the deobfuscation process, transforming detection and mitigation strategies against these obfuscated threats, a systematic benchmark to quantify their effectiveness and limitations has been notably absent. To address this gap, we present JsDeObsBench, a dedicated benchmark designed to rigorously evaluate the effectiveness of LLMs in the context of JS deobfuscation. We detail our benchmarking methodology, which includes a wide range of obfuscation techniques ranging from basic variable renaming to sophisticated structure transformations, providing a robust framework for assessing LLM performance in real-world scenarios. Our extensive experimental analysis investigates the proficiency of cutting-edge LLMs, e.g., GPT-4o, Mixtral, Llama, and DeepSeek-Coder, revealing superior performance in code simplification despite challenges in maintaining syntax accuracy and execution reliability compared to baseline methods. We further evaluate the deobfuscation of JS malware to exhibit the potential of LLMs in security scenarios. The findings highlight the utility of LLMs in deobfuscation applications and pinpoint crucial areas for further improvement.
- https://www.alphaxiv.org/overview/2506.20170v1
-
Originally shared by @neoOpus:
@0xdevalias I came across this today and thought it might be of interest to you. I believe it could also be worth reading for anyone else who might come across it as well.
https://arxiv.org/pdf/2506.20170Originally posted by @neoOpus in #533 (comment)
I came across this today and thought it might be of interest to you.
@neoOpus Oh awesome; thanks! Probably worth opening a new issue for this sort of thing though; as it's not related to this PR.
Originally posted by @0xdevalias in #533 (comment)
See Also
- Explore / benchmark webcrack against "JsDeObsBench: Measuring and Benchmarking LLMs for JavaScript Deobfuscation" j4k0xb/webcrack#189
- Explore / benchmark wakaru against "JsDeObsBench: Measuring and Benchmarking LLMs for JavaScript Deobfuscation" pionxzh/wakaru#144
- Explore / benchmark obfuscator-io-deobfuscator against "JsDeObsBench: Measuring and Benchmarking LLMs for JavaScript Deobfuscation" ben-sb/obfuscator-io-deobfuscator#50
- Explore / benchmark restringer against "JsDeObsBench: Measuring and Benchmarking LLMs for JavaScript Deobfuscation" HumanSecurity/restringer#143
- Deobfuscating / Unminifying Obfuscated Web App / JavaScript Code (0xdevalias' gist)