Obfuscated Malicious JavaScript Detection by Machine Learning
Abstract
In recent years, malicious JavaScript code has become more and more pervasive and been used by attackers to perform their attacks on the Web.To evade the detection of defense measures, various kinds of obfuscation techniques have been applied by the malicious script, taking advantage of the dynamic nature of JavaScript language.In this paper, we propose a new machine-learning based detection approach aiming at defeating such evasion attempts.Dynamic execution traces are recorded to capture all behaviors performed by the malicious script, including the dynamic generated code.Semantic-based deobfuscation is used to simplify the traces to get more concise and more essential instructions.None-ordered and none-concessive trace patterns are extracted from the deobfuscated traces to represent the intrinsic features for malicious scripts.We evaluated our approach with a large number of dataset collected from the Internet.The empirical results demonstrate that our approach is able to detect obfuscated malicious JavaScript code both effectively and efficiently.
Metrics
Citation History
Topics
Related Documents
Detection of Obfuscated Malicious JavaScript Code
Ammar AlazabAnsam KhraisatMoutaz AlazabSarabjot Singh
TransAST: A Machine Translation-Based Approach for Obfuscated Malicious JavaScript Detection
Yan QinWeiping WangZixian ChenHong SongShigeng Zhang
JaSt: Fully Syntactic Detection of Malicious (Obfuscated) JavaScript
Aurore FassRobert KrawczykMichael BackesBen Stock
Deobfuscation, unpacking, and decoding of obfuscated malicious JavaScript for machine learning models detection performance improvement
Samuel NdichuSang-Wook KimSeiichi Ozawa