JStrong: Malicious JavaScript detection based on code semantic representation and graph neural network

Web development technology has experienced significant progress. The creation of JavaScript has highly enriched the interactive ability of the client. However, the attacker uses the dynamic characteristics of the JavaScript language to embed malicious code into web pages to achieve the purpose of sm...

Celý popis

Uložené v:
Podrobná bibliografia
Vydané v:Computers & security Ročník 118; s. 102715
Hlavní autori: Fang, Yong, Huang, Chaoyi, Zeng, Minchuan, Zhao, Zhiying, Huang, Cheng
Médium: Journal Article
Jazyk:English
Vydavateľské údaje: Amsterdam Elsevier Ltd 01.07.2022
Elsevier Sequoia S.A
Predmet:
Classification
Code representation
Confusion
Dependency
Dynamic characteristics
Graph neural network
Graph neural networks
Graph theory
Graphical representations
Java
JavaScript
Malicious JavaScript
Malware
Networks
Neural networks
Program dependency graph
Scripts detection
Semantics
Smuggling
Source code
Syntax
Websites
Malicious JavaScript
Scripts detection
Program dependency graph
Code representation
Graph neural network
ISSN:0167-4048, 1872-6208
On-line prístup:Získať plný text
Tagy: Pridať tag
Žiadne tagy, Buďte prvý, kto otaguje tento záznam!
Popis
Shrnutí:Web development technology has experienced significant progress. The creation of JavaScript has highly enriched the interactive ability of the client. However, the attacker uses the dynamic characteristics of the JavaScript language to embed malicious code into web pages to achieve the purpose of smuggling, redirection, and so on. Traditional methods based on static feature detection are therefore difficult to detect malicious code after confusion, and the method based on dynamic analysis is inefficient. To meet these challenges, this paper proposes a static detection model JStrong based on graph neural network. The model first generates an abstract syntax tree from the JavaScript source code, and then adds data flow and control flow information into the program dependency graph. In addition, we embed the nodes and edges of the graph into the feature vector and fully learn the features of the whole graph through the graph neural network. We take advantage of a real-world dataset collected from the top website and GitHub to evaluate JStrong and compare it to the state-of-the-art method. Experimental results show that JStrong achieves near-perfect classification performance and is superior to the state-of-the-art method.
Bibliografia:ObjectType-Article-1
SourceType-Scholarly Journals-1
ObjectType-Feature-2
content type line 14
ISSN:0167-4048
1872-6208
DOI:10.1016/j.cose.2022.102715