Analysis and Identification of Malicious JavaScript Code

Malicious JavaScript code has been actively and recently utilized as a vehicle for Web-based security attacks. By exploiting vulnerabilities such as cross-site scripting (XSS), attackers are able to spread worms, conduct Phishing attacks, and do Web page redirection to "typically" porn Web...

Celý popis

Uložené v:
Podrobná bibliografia
Vydané v:Information security journal. Ročník 21; číslo 1; s. 1 - 11
Hlavní autori: Fraiwan, Mohammad, Al-Salman, Rami, Khasawneh, Natheer, Conrad, Stefan
Médium: Journal Article
Jazyk:English
Vydavateľské údaje: Taylor & Francis Group 01.01.2012
Predmet:
classification
Computer information security
malicious JavaScript
Web testing
ISSN:1939-3555, 1939-3547
On-line prístup:Získať plný text
Tagy: Pridať tag
Žiadne tagy, Buďte prvý, kto otaguje tento záznam!
Popis
Shrnutí:Malicious JavaScript code has been actively and recently utilized as a vehicle for Web-based security attacks. By exploiting vulnerabilities such as cross-site scripting (XSS), attackers are able to spread worms, conduct Phishing attacks, and do Web page redirection to "typically" porn Web sites. These attacks can be preemptively prevented if the malicious code is detected before executing. Based on the fact that a malignant code will exhibit certain features, we propose a novel classification-based detection approach that will identify Web pages containing infected code. Using datasets of trusted and malicious Web sites, we analyze the behavior and properties of JavaScript code to point out its key features. These features form the basis of our identification system and are used to properly train the various classifiers on malicious and benign data. Performance evaluation results show that our approach achieves a 95% or higher detection accuracy, with very small (less than 3%) false positive and false negative ratios. Our solution surpasses the performance of the comparable literature.
Bibliografia:ObjectType-Article-2
SourceType-Scholarly Journals-1
ObjectType-Feature-1
content type line 23
ISSN:1939-3555
1939-3547
DOI:10.1080/19393555.2011.624160