Next-generation antivirus for JavaScript malware detection based on dynamic features

There are many kinds of Exploit Kits, each one being built with several vulnerabilities, but almost all of them are written in JavaScript. So, we created an antivirus, endowed with machine learning, expert in detecting JavaScript malware based on Runtime Behaviors. In our methodology, JavaScript is...

Celý popis

Uložené v:
Podrobná bibliografia
Vydané v:Knowledge and information systems Ročník 66; číslo 2; s. 1337 - 1370
Hlavní autori: de Lima, Sidney M. L., Souza, Danilo M., Pinheiro, Ricardo P., Silva, Sthéfano H. M. T., Lopes, Petrônio G., de Lima, Rafael D. T., de Oliveira, Jemerson R., Monteiro, Thyago de A., Fernandes, Sérgio M. M., Albuquerque, Edison de Q., da Silva, Washington W. A., dos Santos, Wellington P.
Médium: Journal Article
Jazyk:English
Vydavateľské údaje: London Springer London 01.02.2024
Springer Nature B.V
Predmet:
Accuracy
Anti-virus software
Computer Science
Cybersecurity
Data Mining and Knowledge Discovery
Database Management
Information Storage and Retrieval
Information Systems and Communication Service
Information Systems Applications (incl.Internet)
IT in Business
JavaScript
Machine learning
Malware
Operating systems
Regular Paper
Computer forensics
Dynamic features
JavaScript
Machine learning
Malware
Antivirus
Sandbox
ISSN:0219-1377, 0219-3116
On-line prístup:Získať plný text
Tagy: Pridať tag
Žiadne tagy, Buďte prvý, kto otaguje tento záznam!
Popis
Shrnutí:There are many kinds of Exploit Kits, each one being built with several vulnerabilities, but almost all of them are written in JavaScript. So, we created an antivirus, endowed with machine learning, expert in detecting JavaScript malware based on Runtime Behaviors. In our methodology, JavaScript is executed, in a controlled environment. The goal was to investigate suspicious file behavior. Our antivirus, as a whole, dynamically monitors and ponders 7690 suspicious behaviors that the JavaScript file can do in Windows 7. As experiments, the authorial antivirus is compared to antiviruses based on deep as based on shallow networks. Our antivirus achieves an average accuracy of 99.75% in the distinction between benign and malware, accompanied by a training time of 8.92 s. Establishing the relationship between accuracy and training time is essential in information security. Eight (8) new malware are released every second. An antivirus with excessive training time can become obsolete even when released. As our proposed model can overcome the limitations of state-of-the-art, our antivirus combines high accuracy and fast training. In addition, the authorial antivirus is able to detect JavaScript malware, endowed with digital antiforense, such as obfuscates, polymorphic and fileless attacks.
Bibliografia:ObjectType-Article-1
SourceType-Scholarly Journals-1
ObjectType-Feature-2
content type line 14
ISSN:0219-1377
0219-3116
DOI:10.1007/s10115-023-01978-4