Research on Evasion and Detection of Malicious JavaScript Code

Yujie Ma; Haokai Wu; Yu An Tan; Yuanzhang Li

doi:10.1007/978-981-97-2458-1_8

Research on Evasion and Detection of Malicious JavaScript Code

Yujie Ma, Haokai Wu, Yu An Tan, Yuanzhang Li^*

^*Corresponding author for this work

School of Computer Science and Technology

Beijing Institute of Technology

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

This thesis analyzes the malicious essence of malicious JavaScript and the implementation of malicious functions. Then, this thesis combines the result with the taint analysis technology in the field of software vulnerability analysis, and proposes a new malicious JavaScript detection method based on taint analysis. This method defines the taint source and taint sink point according to the implementation of malicious code functions, and then performs taint propagation on the abstract syntax tree of the code to obtain the characteristics of the code. After forming a feature vector through the process, this thesis finally uses machine learning models to complete detection. Experimental results show that the method can well complete the binary classification of malicious and benign samples, and the detection effect on the obfuscated samples is significantly better than mainstream online anti-malware engines. Code obfuscation can hardly affect detection results of this method.

Original language	English
Title of host publication	Machine Learning for Cyber Security - 5th International Conference, ML4CS 2023, Proceedings
Editors	Dan Dongseong Kim, Chao Chen
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	104-130
Number of pages	27
ISBN (Print)	9789819724574
DOIs	https://doi.org/10.1007/978-981-97-2458-1_8
Publication status	Published - 2024
Event	5th International Conference on Machine Learning for Cyber Security, ML4CS 2023 - Yanuca Island, Fiji Duration: 4 Dec 2023 → 6 Dec 2023

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	14541 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	5th International Conference on Machine Learning for Cyber Security, ML4CS 2023
Country/Territory	Fiji
City	Yanuca Island
Period	4/12/23 → 6/12/23

Keywords

code obfuscation
JavaScript
malicious code detection
malicious code evasion
taint analysis

Access to Document

10.1007/978-981-97-2458-1_8

Cite this

Ma, Y., Wu, H., Tan, Y. A., & Li, Y. (2024). Research on Evasion and Detection of Malicious JavaScript Code. In D. D. Kim, & C. Chen (Eds.), Machine Learning for Cyber Security - 5th International Conference, ML4CS 2023, Proceedings (pp. 104-130). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 14541 LNCS). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-981-97-2458-1_8

Ma, Yujie ; Wu, Haokai ; Tan, Yu An et al. / Research on Evasion and Detection of Malicious JavaScript Code. Machine Learning for Cyber Security - 5th International Conference, ML4CS 2023, Proceedings. editor / Dan Dongseong Kim ; Chao Chen. Springer Science and Business Media Deutschland GmbH, 2024. pp. 104-130 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{8d8df6e3c6ea47239e0394d9de07637b,

title = "Research on Evasion and Detection of Malicious JavaScript Code",

abstract = "This thesis analyzes the malicious essence of malicious JavaScript and the implementation of malicious functions. Then, this thesis combines the result with the taint analysis technology in the field of software vulnerability analysis, and proposes a new malicious JavaScript detection method based on taint analysis. This method defines the taint source and taint sink point according to the implementation of malicious code functions, and then performs taint propagation on the abstract syntax tree of the code to obtain the characteristics of the code. After forming a feature vector through the process, this thesis finally uses machine learning models to complete detection. Experimental results show that the method can well complete the binary classification of malicious and benign samples, and the detection effect on the obfuscated samples is significantly better than mainstream online anti-malware engines. Code obfuscation can hardly affect detection results of this method.",

keywords = "code obfuscation, JavaScript, malicious code detection, malicious code evasion, taint analysis",

author = "Yujie Ma and Haokai Wu and Tan, {Yu An} and Yuanzhang Li",

note = "Publisher Copyright: {\textcopyright} The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2024.; 5th International Conference on Machine Learning for Cyber Security, ML4CS 2023 ; Conference date: 04-12-2023 Through 06-12-2023",

year = "2024",

doi = "10.1007/978-981-97-2458-1_8",

language = "English",

isbn = "9789819724574",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "104--130",

editor = "Kim, {Dan Dongseong} and Chao Chen",

booktitle = "Machine Learning for Cyber Security - 5th International Conference, ML4CS 2023, Proceedings",

address = "Germany",

}

Ma, Y, Wu, H, Tan, YA & Li, Y 2024, Research on Evasion and Detection of Malicious JavaScript Code. in DD Kim & C Chen (eds), Machine Learning for Cyber Security - 5th International Conference, ML4CS 2023, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 14541 LNCS, Springer Science and Business Media Deutschland GmbH, pp. 104-130, 5th International Conference on Machine Learning for Cyber Security, ML4CS 2023, Yanuca Island, Fiji, 4/12/23. https://doi.org/10.1007/978-981-97-2458-1_8

Research on Evasion and Detection of Malicious JavaScript Code. / Ma, Yujie; Wu, Haokai; Tan, Yu An et al.
Machine Learning for Cyber Security - 5th International Conference, ML4CS 2023, Proceedings. ed. / Dan Dongseong Kim; Chao Chen. Springer Science and Business Media Deutschland GmbH, 2024. p. 104-130 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 14541 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Research on Evasion and Detection of Malicious JavaScript Code

AU - Ma, Yujie

AU - Wu, Haokai

AU - Tan, Yu An

AU - Li, Yuanzhang

N1 - Publisher Copyright: © The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2024.

PY - 2024

Y1 - 2024

N2 - This thesis analyzes the malicious essence of malicious JavaScript and the implementation of malicious functions. Then, this thesis combines the result with the taint analysis technology in the field of software vulnerability analysis, and proposes a new malicious JavaScript detection method based on taint analysis. This method defines the taint source and taint sink point according to the implementation of malicious code functions, and then performs taint propagation on the abstract syntax tree of the code to obtain the characteristics of the code. After forming a feature vector through the process, this thesis finally uses machine learning models to complete detection. Experimental results show that the method can well complete the binary classification of malicious and benign samples, and the detection effect on the obfuscated samples is significantly better than mainstream online anti-malware engines. Code obfuscation can hardly affect detection results of this method.

AB - This thesis analyzes the malicious essence of malicious JavaScript and the implementation of malicious functions. Then, this thesis combines the result with the taint analysis technology in the field of software vulnerability analysis, and proposes a new malicious JavaScript detection method based on taint analysis. This method defines the taint source and taint sink point according to the implementation of malicious code functions, and then performs taint propagation on the abstract syntax tree of the code to obtain the characteristics of the code. After forming a feature vector through the process, this thesis finally uses machine learning models to complete detection. Experimental results show that the method can well complete the binary classification of malicious and benign samples, and the detection effect on the obfuscated samples is significantly better than mainstream online anti-malware engines. Code obfuscation can hardly affect detection results of this method.

KW - code obfuscation

KW - JavaScript

KW - malicious code detection

KW - malicious code evasion

KW - taint analysis

UR - http://www.scopus.com/inward/record.url?scp=85192369588&partnerID=8YFLogxK

U2 - 10.1007/978-981-97-2458-1_8

DO - 10.1007/978-981-97-2458-1_8

M3 - Conference contribution

AN - SCOPUS:85192369588

SN - 9789819724574

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 104

EP - 130

BT - Machine Learning for Cyber Security - 5th International Conference, ML4CS 2023, Proceedings

A2 - Kim, Dan Dongseong

A2 - Chen, Chao

PB - Springer Science and Business Media Deutschland GmbH

T2 - 5th International Conference on Machine Learning for Cyber Security, ML4CS 2023

Y2 - 4 December 2023 through 6 December 2023

ER -

Ma Y, Wu H, Tan YA, Li Y. Research on Evasion and Detection of Malicious JavaScript Code. In Kim DD, Chen C, editors, Machine Learning for Cyber Security - 5th International Conference, ML4CS 2023, Proceedings. Springer Science and Business Media Deutschland GmbH. 2024. p. 104-130. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-981-97-2458-1_8