Obfuscated Malicious JavaScript Detection by Machine Learning
- DOI
- 10.2991/ameii-16.2016.157
- Keywords
- Malicious JavaScript Detection, Machine Learning, Obfuscation, Dynamic Trace, Semantic-based Deobfuscation, Trace Pattern
- Abstract
In recent years, malicious JavaScript code has become increasingly pervasive and has been used by attackers to carry out attacks on the Web. To evade detection by defense measures, malicious scripts apply various kinds of obfuscation techniques, taking advantage of the dynamic nature of the JavaScript language. In this paper, we propose a new machine-learning-based detection approach aimed at defeating such evasion attempts. Dynamic execution traces are recorded to capture all behaviors performed by the malicious script, including dynamically generated code. Semantic-based deobfuscation is used to simplify the traces into more concise and more essential instructions. Non-ordered and non-consecutive trace patterns are extracted from the deobfuscated traces to represent the intrinsic features of malicious scripts. We evaluated our approach on a large dataset collected from the Internet. The empirical results demonstrate that our approach is able to detect obfuscated malicious JavaScript code both effectively and efficiently.
- Copyright
- © 2016, the Authors. Published by Atlantis Press.
- Open Access
- This is an open access article distributed under the CC BY-NC license (http://creativecommons.org/licenses/by-nc/4.0/).
Cite this article
TY - CONF
AU - Jinkun Pan
AU - Xiaoguang Mao
PY - 2016/04
DA - 2016/04
TI - Obfuscated Malicious JavaScript Detection by Machine Learning
BT - Proceedings of the 2nd International Conference on Advances in Mechanical Engineering and Industrial Informatics (AMEII 2016)
PB - Atlantis Press
SP - 805
EP - 810
SN - 2352-5401
UR - https://doi.org/10.2991/ameii-16.2016.157
DO - 10.2991/ameii-16.2016.157
ID - Pan2016/04
ER -