Research on Evasion and Detection of Malicious JavaScript Code

Yujie Ma; Haokai Wu; Yu An Tan; Yuanzhang Li

doi:10.1007/978-981-97-2458-1_8

Research on Evasion and Detection of Malicious JavaScript Code

Yujie Ma
, Haokai Wu
, Yu An Tan
, Yuanzhang Li^*

^*此作品的通讯作者

计算机学院

Beijing Institute of Technology

科研成果: 书/报告/会议事项章节 › 会议稿件 › 同行评审

摘要

This thesis analyzes the malicious essence of malicious JavaScript and the implementation of malicious functions. Then, this thesis combines the result with the taint analysis technology in the field of software vulnerability analysis, and proposes a new malicious JavaScript detection method based on taint analysis. This method defines the taint source and taint sink point according to the implementation of malicious code functions, and then performs taint propagation on the abstract syntax tree of the code to obtain the characteristics of the code. After forming a feature vector through the process, this thesis finally uses machine learning models to complete detection. Experimental results show that the method can well complete the binary classification of malicious and benign samples, and the detection effect on the obfuscated samples is significantly better than mainstream online anti-malware engines. Code obfuscation can hardly affect detection results of this method.

源语言	英语
主期刊名	Machine Learning for Cyber Security - 5th International Conference, ML4CS 2023, Proceedings
编辑	Dan Dongseong Kim, Chao Chen
出版商	Springer Science and Business Media Deutschland GmbH
页	104-130
页数	27
ISBN（印刷版）	9789819724574
DOI	https://doi.org/10.1007/978-981-97-2458-1_8
出版状态	已出版 - 2024
活动	5th International Conference on Machine Learning for Cyber Security, ML4CS 2023 - Yanuca Island, 斐济期限: 4 12月 2023 → 6 12月 2023

出版系列

姓名	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
卷	14541 LNCS
ISSN（印刷版）	0302-9743
ISSN（电子版）	1611-3349

会议

会议	5th International Conference on Machine Learning for Cyber Security, ML4CS 2023
国家/地区	斐济
市	Yanuca Island
时期	4/12/23 → 6/12/23

访问文件

10.1007/978-981-97-2458-1_8

其它文件与链接

链接到 Scopus 的出版物

引用此

Ma, Y., Wu, H., Tan, Y. A., & Li, Y. (2024). Research on Evasion and Detection of Malicious JavaScript Code. 在 D. D. Kim, & C. Chen (编辑), Machine Learning for Cyber Security - 5th International Conference, ML4CS 2023, Proceedings (页码 104-130). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); 卷 14541 LNCS). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-981-97-2458-1_8

Ma, Yujie ; Wu, Haokai ; Tan, Yu An 等. / Research on Evasion and Detection of Malicious JavaScript Code. Machine Learning for Cyber Security - 5th International Conference, ML4CS 2023, Proceedings. 编辑 / Dan Dongseong Kim ; Chao Chen. Springer Science and Business Media Deutschland GmbH, 2024. 页码 104-130 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{8d8df6e3c6ea47239e0394d9de07637b,

title = "Research on Evasion and Detection of Malicious JavaScript Code",

abstract = "This thesis analyzes the malicious essence of malicious JavaScript and the implementation of malicious functions. Then, this thesis combines the result with the taint analysis technology in the field of software vulnerability analysis, and proposes a new malicious JavaScript detection method based on taint analysis. This method defines the taint source and taint sink point according to the implementation of malicious code functions, and then performs taint propagation on the abstract syntax tree of the code to obtain the characteristics of the code. After forming a feature vector through the process, this thesis finally uses machine learning models to complete detection. Experimental results show that the method can well complete the binary classification of malicious and benign samples, and the detection effect on the obfuscated samples is significantly better than mainstream online anti-malware engines. Code obfuscation can hardly affect detection results of this method.",

keywords = "code obfuscation, JavaScript, malicious code detection, malicious code evasion, taint analysis",

author = "Yujie Ma and Haokai Wu and Tan, \{Yu An\} and Yuanzhang Li",

note = "Publisher Copyright: {\textcopyright} The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2024.; 5th International Conference on Machine Learning for Cyber Security, ML4CS 2023 ; Conference date: 04-12-2023 Through 06-12-2023",

year = "2024",

doi = "10.1007/978-981-97-2458-1\_8",

language = "English",

isbn = "9789819724574",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "104--130",

editor = "Kim, \{Dan Dongseong\} and Chao Chen",

booktitle = "Machine Learning for Cyber Security - 5th International Conference, ML4CS 2023, Proceedings",

address = "Germany",

}

Ma, Y, Wu, H, Tan, YA & Li, Y 2024, Research on Evasion and Detection of Malicious JavaScript Code. 在 DD Kim & C Chen (编辑), Machine Learning for Cyber Security - 5th International Conference, ML4CS 2023, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 卷 14541 LNCS, Springer Science and Business Media Deutschland GmbH, 页码 104-130, 5th International Conference on Machine Learning for Cyber Security, ML4CS 2023, Yanuca Island, 斐济, 4/12/23. https://doi.org/10.1007/978-981-97-2458-1_8

Research on Evasion and Detection of Malicious JavaScript Code. / Ma, Yujie; Wu, Haokai; Tan, Yu An 等.
Machine Learning for Cyber Security - 5th International Conference, ML4CS 2023, Proceedings. 编辑 / Dan Dongseong Kim; Chao Chen. Springer Science and Business Media Deutschland GmbH, 2024. 页码 104-130 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); 卷 14541 LNCS).

科研成果: 书/报告/会议事项章节 › 会议稿件 › 同行评审

TY - GEN

T1 - Research on Evasion and Detection of Malicious JavaScript Code

AU - Ma, Yujie

AU - Wu, Haokai

AU - Tan, Yu An

AU - Li, Yuanzhang

N1 - Publisher Copyright: © The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2024.

PY - 2024

Y1 - 2024

N2 - This thesis analyzes the malicious essence of malicious JavaScript and the implementation of malicious functions. Then, this thesis combines the result with the taint analysis technology in the field of software vulnerability analysis, and proposes a new malicious JavaScript detection method based on taint analysis. This method defines the taint source and taint sink point according to the implementation of malicious code functions, and then performs taint propagation on the abstract syntax tree of the code to obtain the characteristics of the code. After forming a feature vector through the process, this thesis finally uses machine learning models to complete detection. Experimental results show that the method can well complete the binary classification of malicious and benign samples, and the detection effect on the obfuscated samples is significantly better than mainstream online anti-malware engines. Code obfuscation can hardly affect detection results of this method.

AB - This thesis analyzes the malicious essence of malicious JavaScript and the implementation of malicious functions. Then, this thesis combines the result with the taint analysis technology in the field of software vulnerability analysis, and proposes a new malicious JavaScript detection method based on taint analysis. This method defines the taint source and taint sink point according to the implementation of malicious code functions, and then performs taint propagation on the abstract syntax tree of the code to obtain the characteristics of the code. After forming a feature vector through the process, this thesis finally uses machine learning models to complete detection. Experimental results show that the method can well complete the binary classification of malicious and benign samples, and the detection effect on the obfuscated samples is significantly better than mainstream online anti-malware engines. Code obfuscation can hardly affect detection results of this method.

KW - code obfuscation

KW - JavaScript

KW - malicious code detection

KW - malicious code evasion

KW - taint analysis

UR - https://www.scopus.com/pages/publications/85192369588

U2 - 10.1007/978-981-97-2458-1_8

DO - 10.1007/978-981-97-2458-1_8

M3 - Conference contribution

AN - SCOPUS:85192369588

SN - 9789819724574

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 104

EP - 130

BT - Machine Learning for Cyber Security - 5th International Conference, ML4CS 2023, Proceedings

A2 - Kim, Dan Dongseong

A2 - Chen, Chao

PB - Springer Science and Business Media Deutschland GmbH

T2 - 5th International Conference on Machine Learning for Cyber Security, ML4CS 2023

Y2 - 4 December 2023 through 6 December 2023

ER -

Ma Y, Wu H, Tan YA, Li Y. Research on Evasion and Detection of Malicious JavaScript Code. 在 Kim DD, Chen C, 编辑, Machine Learning for Cyber Security - 5th International Conference, ML4CS 2023, Proceedings. Springer Science and Business Media Deutschland GmbH. 2024. 页码 104-130. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-981-97-2458-1_8

Research on Evasion and Detection of Malicious JavaScript Code

摘要

出版系列

会议

访问文件

其它文件与链接

指纹

引用此