JACLNet: Application of adaptive code length network in JavaScript malicious code detection

Published in: PloS one, Volume 17; Issue 12; p. e0277891
Main authors: Zhang, Zhining, Wan, Liang, Chu, Kun, Li, Shusheng, Wei, Haodong, Tang, Lu
Format: Journal Article
Language: English
Published: United States Public Library of Science 14.12.2022
Public Library of Science (PLoS)
ISSN:1932-6203, 1932-6203
Description
Summary: Currently, JavaScript malicious code detection methods are becoming more and more effective. Still, the existing methods based on deep learning are poor at detecting JavaScript code that is too long or too short. Based on this, this paper proposes an adaptive code length deep learning network, JACLNet, composed of the convolutional block RDCNet, BiLSTM and Transformer, to capture variable-distance association features between codes. Firstly, an abstract syntax tree recombination algorithm is designed to provide rich syntax information for feature extraction. Secondly, a deep residual convolution block network (RDCNet) is designed to capture short-distance association features between codes. Finally, this paper proposes the JACLNet network for JavaScript malicious code detection. To verify that the model presented in this paper can effectively detect JavaScript code of variable length, we divide the datasets used in this paper into the long text dataset DB_Long, the short text dataset DB_Short, the original dataset DB_Or and the enhanced dataset DB_Re. In DB_Long, our method's F1-score is 98.87%, higher than that of JSContana by 2.52%. In DB_Short, our method's F1-score is 97.32%, higher than that of JSContana by 7.79%. To verify that the abstract syntax tree recombination algorithm proposed in this paper can provide rich syntax information for subsequent models, we conduct comparative experiments on DB_Or and DB_Re. In DPCNN+BiLSTM, the F1-score with abstract syntax tree recombination increased by 1.72%, and in JSContana, the F1-score with abstract syntax tree recombination increased by 1.50%. In JACLNet, the F1-score with abstract syntax tree recombination improved by 1.00% compared with not using it.
Bibliography:
Competing Interests: The authors have declared that no competing interests exist.
DOI:10.1371/journal.pone.0277891