Detecting obfuscated suspicious JavaScript based on collaborative training

In the field of JavaScript malicious code detection, there has been a lot of research and application of machine learning methods. However, most of the researches use obfuscation recognition and then dynamic detection to deal with obfuscation malicious code. It is found that the structural features,...

Celý popis

Uloženo v:
Podrobná bibliografie
Vydáno v:Proceedings (International Conference on Communication Technology. Online) s. 1962 - 1966
Hlavní autoři: Wu, Hongcheng, Qin, Sujuan
Médium: Konferenční příspěvek
Jazyk:angličtina
Vydáno: IEEE 01.10.2017
Témata:
Collaboration
collaborative training
Data models
Feature extraction
Machine learning
malicious code detection
malicious features
Malware
obfuscation features
Training
ISSN:2576-7828
On-line přístup:Získat plný text
Tagy: Přidat tag
Žádné tagy, Buďte první, kdo vytvoří štítek k tomuto záznamu!
Popis
Shrnutí:In the field of JavaScript malicious code detection, there has been a lot of research and application of machine learning methods. However, most of the researches use obfuscation recognition and then dynamic detection to deal with obfuscation malicious code. It is found that the structural features, grammatical features and operation code features of JavaScript can be classified into two categories: obfuscation features which could easily recognize obfuscation and malicious features which could easily identify malicious code. Then, according to the cooperative relation of these two characteristics, this paper summarizes the collaborative training model, and uses the trained obfuscation recognizer and the malicious recognizer to decide whether the code is malicious or not. Through the experiment, the malicious code detection achieves 98.2% accuracy, and has completed the static detection part to the malicious detection.
ISSN:2576-7828
DOI:10.1109/ICCT.2017.8359972