Abstract
This thesis analyzes the malicious essence of malicious JavaScript and the implementation of malicious functions. Then, this thesis combines the result with the taint analysis technology in the field of software vulnerability analysis, and proposes a new malicious JavaScript detection method based on taint analysis. This method defines the taint source and taint sink point according to the implementation of malicious code functions, and then performs taint propagation on the abstract syntax tree of the code to obtain the characteristics of the code. After forming a feature vector through the process, this thesis finally uses machine learning models to complete detection. Experimental results show that the method can well complete the binary classification of malicious and benign samples, and the detection effect on the obfuscated samples is significantly better than mainstream online anti-malware engines. Code obfuscation can hardly affect detection results of this method.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Bhatia, T., Kaushal, R.: Malware detection in android based on dynamic analysis. In: 2017 International Conference on Cyber Security and Protection of Digital Services (Cyber Security), pp. 1–6. IEEE (2017)
Chen, P., Gong, M.L.: The vulnerability detection method based on compression coding of abstract syntax tree. J. Inf. Secur. Res. (2022)
Cui, Z., Xue, F., Cai, X., Cao, Y., Wang, G.G., Chen, J.: Detection of malicious code variants based on deep learning. IEEE Trans. Ind. Inf. 14(7), 3187–3196 (2018)
Ding, Y., Xia, X., Chen, S., Li, Y.: A malware detection method based on family behavior graph. Comput. Secur. 73, 73–86 (2018)
Edwards, M., Xie, X.: Graph based convolutional neural network. arXiv preprint arXiv:1609.08965 (2016)
Enck, W., et al.: TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones. ACM Trans. Comput. Syst. (TOCS) 32(2), 1–29 (2014)
Jayasundara, V., Bui, N.D.Q., Jiang, L., Lo, D.: TreeCaps: tree-structured capsule networks for program source code processing. arXiv preprint arXiv:1910.12306 (2019)
Jindal, C., Salls, C., Aghakhani, H., Long, K., Kruegel, C., Vigna, G.: Neurlux: dynamic malware analysis without feature engineering. In: Proceedings of the 35th Annual Computer Security Applications Conference, pp. 444–455 (2019)
Karim, R., Tip, F., Sochrková, A., Sen, K.: Platform-independent dynamic taint analysis for JavaScript. IEEE Trans. Softw. Eng. 46(12), 1364–1379 (2018)
Kreindl, J., Bonetta, D., Stadler, L., Leopoldseder, D., Mössenböck, H.: Multi-language dynamic taint analysis in a polyglot virtual machine. In: Proceedings of the 17th International Conference on Managed Programming Languages and Runtimes, pp. 15–29 (2020)
Li: Research on JavaScript malicious code detection model based on anti-obfuscated technology. Master’s thesis, Beijing University of Posts and Telecommunications (2019)
Liang, B., Pang, S., Yue, Z.: A malware detection method based on hybrid learning. Acta Electron. Sin. 49(2), 286 (2021)
Likarish, P., Jung, E., Jo, I.: Obfuscated malicious JavaScript detection using classification techniques. In: 2009 4th International Conference on Malicious and Unwanted Software (MALWARE), pp. 47–54. IEEE (2009)
Ming, J., Wu, D., Xiao, G., Wang, J., Liu, P.: TaintPipe: pipelined symbolic taint analysis. In: 24th USENIX Security Symposium (USENIX Security 15), pp. 65–80 (2015)
Mou, L., Li, G., Zhang, L., Wang, T., Jin, Z.: Convolutional neural networks over tree structures for programming language processing. In: Proceedings of the AAAI Conference on Artificial Intelligence, vol. 30 (2016)
Narvekar, A.N., Joshi, K.K.: Security sandbox model for modern web environment. In: 2017 International Conference on Nascent Technologies in Engineering (ICNTE), pp. 1–6. IEEE (2017)
Nawrocki, M., Wählisch, M., Schmidt, T.C., Keil, C., Schönfelder, J.: A survey on honeypot software and data analysis. arXiv preprint arXiv:1608.06249 (2016)
Rathi, D., Jindal, R.: DroidMark: a tool for android malware detection using taint analysis and Bayesian network. arXiv preprint arXiv:1805.06620 (2018)
Wang, J., Xue, Y., Liu, Y., Tan, T.H.: JSDC: a hybrid approach for JavaScript malware detection and classification. In: Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security, pp. 109–120 (2015)
Yu, H., Lam, W., Chen, L., Li, G., Xie, T., Wang, Q.: Neural detection of semantic code clones via tree-based convolution. In: 2019 IEEE/ACM 27th International Conference on Program Comprehension (ICPC), pp. 70–80. IEEE (2019)
Zhang, S.W.: Multi-granularity android malware fast detection based on opcode. Chin. J. Netw. Inf. Secur. 5(6), 85–94 (2019)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2024 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Ma, Y., Wu, H., Tan, Ya., Li, Y. (2024). Research on Evasion and Detection of Malicious JavaScript Code. In: Kim, D.D., Chen, C. (eds) Machine Learning for Cyber Security. ML4CS 2023. Lecture Notes in Computer Science, vol 14541. Springer, Singapore. https://doi.org/10.1007/978-981-97-2458-1_8
Download citation
DOI: https://doi.org/10.1007/978-981-97-2458-1_8
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-97-2457-4
Online ISBN: 978-981-97-2458-1
eBook Packages: Computer ScienceComputer Science (R0)