Enhancing JavaScript Malware Detection through Weighted Behavioral DFAs

Detailed bibliography
Title: Enhancing JavaScript Malware Detection through Weighted Behavioral DFAs
Authors: Pereira, Pedro; Gonçalves, José; Vitorino, João; Maia, Eva; Praça, Isabel
Year of publication: 2025
Collection: ArXiv.org (Cornell University Library)
Subjects: Cryptography and Security
Description: This work addresses JavaScript malware detection to enhance client-side web application security with a behavior-based system. The ability to detect malicious JavaScript execution sequences is a critical problem in modern web security as attack techniques become more sophisticated. This study introduces a new system for detecting JavaScript malware using a Deterministic Finite Automaton (DFA) along with a weighted-behavior system, which we call behavior DFA. This system captures malicious patterns and provides a dynamic mechanism to classify new sequences that exhibit partial similarity to known attacks, differentiating them between benign, partially malicious, and fully malicious behaviors. Experimental evaluation on a dataset of 1,058 sequences captured in a real-world environment demonstrates the capability of the system to detect and classify threats effectively, with the behavior DFA successfully identifying exact matches and partial similarities to known malicious behaviors. The results highlight the adaptability of the system in detecting emerging threats while maintaining transparency in decision making. ; 14 pages, 1 figure, EICC 2025
Document type: text
Language: unknown
Relation: http://arxiv.org/abs/2505.21406
Availability: http://arxiv.org/abs/2505.21406
Accession number: edsbas.E3FD5EFE
Database: BASE