Detection of Malicious JavaScript Code in Web Pages

Affiliations

  • Department of Computer Engineering, R. C. Patel Institute of Technology, Shirpur – 425405, Maharashtra, India

Abstract


Objective: To detect malicious JavaScript code in Web pages while reducing the false positive and false negative rates, thereby increasing the detection rate.

Methods/Analysis: In recent years, JavaScript has become the most common and successful attack construction language. Various approaches have been proposed to overcome JavaScript security issues. In this paper, we present a methodology for detecting malicious JavaScript code in Web pages. We collected benign and malicious JavaScript samples from benchmark sources of Web pages. We used static analysis of the JavaScript code for effective detection of malicious and benign scripts. We created a dataset of 6725 benign and malicious scripts, consisting of 4500 benign and 2225 malicious JavaScript samples.

Findings: We extracted 77 JavaScript features from the scripts, of which 45 are new features. We evaluated our dataset using seven supervised machine learning classifiers. The experimental results show that, with the new features included, all the classifiers achieved a good detection rate of between 97% and 99%, with very low FPR and FNR, compared with nine well-known antivirus products.

Novelty/Improvement: We used 45 new JavaScript features in our dataset. These new features reduce the FPR and FNR and increase the malicious JavaScript detection rate.

Keywords

Drive-by-Downloads, Malicious JavaScript, Machine Learning, Malicious Web Pages, Static Detection.




Creative Commons License
This work is licensed under a Creative Commons Attribution 3.0 License.