Next-generation antivirus for JavaScript malware detection based on dynamic features

There are many kinds of Exploit Kits, each one being built with several vulnerabilities, but almost all of them are written in JavaScript. So, we created an antivirus, endowed with machine learning, expert in detecting JavaScript malware based on Runtime Behaviors. In our methodology, JavaScript is...

Full description

Saved in:
Bibliographic Details
Published in:Knowledge and information systems Vol. 66; no. 2; pp. 1337 - 1370
Main Authors: de Lima, Sidney M. L., Souza, Danilo M., Pinheiro, Ricardo P., Silva, Sthéfano H. M. T., Lopes, Petrônio G., de Lima, Rafael D. T., de Oliveira, Jemerson R., Monteiro, Thyago de A., Fernandes, Sérgio M. M., Albuquerque, Edison de Q., da Silva, Washington W. A., dos Santos, Wellington P.
Format: Journal Article
Language:English
Published: London Springer London 01.02.2024
Springer Nature B.V
Subjects:
Accuracy
Anti-virus software
Computer Science
Cybersecurity
Data Mining and Knowledge Discovery
Database Management
Information Storage and Retrieval
Information Systems and Communication Service
Information Systems Applications (incl.Internet)
IT in Business
JavaScript
Machine learning
Malware
Operating systems
Regular Paper
Computer forensics
Dynamic features
JavaScript
Machine learning
Malware
Antivirus
Sandbox
ISSN:0219-1377, 0219-3116
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:There are many kinds of Exploit Kits, each one being built with several vulnerabilities, but almost all of them are written in JavaScript. So, we created an antivirus, endowed with machine learning, expert in detecting JavaScript malware based on Runtime Behaviors. In our methodology, JavaScript is executed, in a controlled environment. The goal was to investigate suspicious file behavior. Our antivirus, as a whole, dynamically monitors and ponders 7690 suspicious behaviors that the JavaScript file can do in Windows 7. As experiments, the authorial antivirus is compared to antiviruses based on deep as based on shallow networks. Our antivirus achieves an average accuracy of 99.75% in the distinction between benign and malware, accompanied by a training time of 8.92 s. Establishing the relationship between accuracy and training time is essential in information security. Eight (8) new malware are released every second. An antivirus with excessive training time can become obsolete even when released. As our proposed model can overcome the limitations of state-of-the-art, our antivirus combines high accuracy and fast training. In addition, the authorial antivirus is able to detect JavaScript malware, endowed with digital antiforense, such as obfuscates, polymorphic and fileless attacks.
Bibliography:ObjectType-Article-1
SourceType-Scholarly Journals-1
ObjectType-Feature-2
content type line 14
ISSN:0219-1377
0219-3116
DOI:10.1007/s10115-023-01978-4