Detecting malicious JavaScript code based on semantic analysis

作     者：Fang, Yong Huang, Cheng Su, Yu Qiu, Yaoyao 

作者机构：Sichuan Univ Coll Cybersecur Chengdu Peoples R China Sichuan Univ Coll Elect & Informat Engn Chengdu Peoples R China 

出 版 物：《COMPUTERS & SECURITY》 (计算机与安全)

年 卷 期：2020年第93卷

页      面：101764-101764页

核心收录：

学科分类：08[工学] 0812[工学-计算机科学与技术（可授工学、理学学位）] 

基　　金：National Natural Science Foundation of China Fundamental Research Funds for the Central Universities 

主　　题：Malicious JavaScript detection Abstract syntax tree Attention mechanism Static analysis Bi-LSTM FastText 

摘      要：Web development technology has undergone tremendous evolution, the creation of JavaScript has greatly enriched the interactive capabilities of the client. However, attackers use the dynamics feature of JavaScript language to embed malicious code into web pages for the purpose of drive-by-download, redirection, etc. The traditional method based on static feature detection is difficult to detect the malicious code after obfuscation, and the method based on dynamic analysis has low efficiency. To overcome these challenges, this paper proposes a static detection model based on semantic analysis. The model firstly generates an abstract syntax tree from JavaScript source codes, then automatically converts them to syntactic unit sequences. FastText algorithm is introduced to training word vectors. The syntactic unit sequences are represented as word vectors which will be input into Bi-LSTM network with attention mechanism. The detection model with Bi-LSTM network with attention mechanism is the key to detect malicious JavaScript. We experimented with the dataset using a five-fold cross-validation method. Experiments showed that the model can effectively detect obfuscated malicious JavaScript code and improve the detection speed, with a precision of 0.977 and recall of 0.974. (C) 2020 Elsevier Ltd. All rights reserved.