Next-generation antivirus for JavaScript malware detection based on dynamic features

There are many kinds of Exploit Kits, each one being built with several vulnerabilities, but almost all of them are written in JavaScript. So, we created an antivirus, endowed with machine learning, expert in detecting JavaScript malware based on Runtime Behaviors. In our methodology, JavaScript is...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:Knowledge and information systems Jg. 66; H. 2; S. 1337 - 1370
Hauptverfasser: de Lima, Sidney M. L., Souza, Danilo M., Pinheiro, Ricardo P., Silva, Sthéfano H. M. T., Lopes, Petrônio G., de Lima, Rafael D. T., de Oliveira, Jemerson R., Monteiro, Thyago de A., Fernandes, Sérgio M. M., Albuquerque, Edison de Q., da Silva, Washington W. A., dos Santos, Wellington P.
Format: Journal Article
Sprache:Englisch
Veröffentlicht: London Springer London 01.02.2024
Springer Nature B.V
Schlagworte:
Accuracy
Anti-virus software
Computer Science
Cybersecurity
Data Mining and Knowledge Discovery
Database Management
Information Storage and Retrieval
Information Systems and Communication Service
Information Systems Applications (incl.Internet)
IT in Business
JavaScript
Machine learning
Malware
Operating systems
Regular Paper
Computer forensics
Dynamic features
JavaScript
Machine learning
Malware
Antivirus
Sandbox
ISSN:0219-1377, 0219-3116
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:There are many kinds of Exploit Kits, each one being built with several vulnerabilities, but almost all of them are written in JavaScript. So, we created an antivirus, endowed with machine learning, expert in detecting JavaScript malware based on Runtime Behaviors. In our methodology, JavaScript is executed, in a controlled environment. The goal was to investigate suspicious file behavior. Our antivirus, as a whole, dynamically monitors and ponders 7690 suspicious behaviors that the JavaScript file can do in Windows 7. As experiments, the authorial antivirus is compared to antiviruses based on deep as based on shallow networks. Our antivirus achieves an average accuracy of 99.75% in the distinction between benign and malware, accompanied by a training time of 8.92 s. Establishing the relationship between accuracy and training time is essential in information security. Eight (8) new malware are released every second. An antivirus with excessive training time can become obsolete even when released. As our proposed model can overcome the limitations of state-of-the-art, our antivirus combines high accuracy and fast training. In addition, the authorial antivirus is able to detect JavaScript malware, endowed with digital antiforense, such as obfuscates, polymorphic and fileless attacks.
Bibliographie:ObjectType-Article-1
SourceType-Scholarly Journals-1
ObjectType-Feature-2
content type line 14
ISSN:0219-1377
0219-3116
DOI:10.1007/s10115-023-01978-4