JACLNet: Application of adaptive code length network in JavaScript malicious code detection.
Currently, JavaScript malicious code detection methods are becoming more and more effective. Still, the existing methods based on deep learning are poor at detecting too long or too short JavaScript code. Based on this, this paper proposes an adaptive code length deep learning network JACLNet, compo...
Main Authors: | Zhining Zhang, Liang Wan, Kun Chu, Shusheng Li, Haodong Wei, Lu Tang |
---|---|
Format: | Article |
Language: | English |
Published: | Public Library of Science (PLoS) 2022-01-01 |
Series: | PLoS ONE |
Online Access: | https://doi.org/10.1371/journal.pone.0277891 |
_version_ | 1797956139357306880 |
---|---|
author | Zhining Zhang Liang Wan Kun Chu Shusheng Li Haodong Wei Lu Tang |
collection | DOAJ |
description | Currently, JavaScript malicious code detection methods are becoming more and more effective. Still, the existing methods based on deep learning are poor at detecting too long or too short JavaScript code. Based on this, this paper proposes an adaptive code length deep learning network JACLNet, composed of convolutional block RDCNet, BiLSTM and Transformer, to capture the association features of the variable distance between codes. Firstly, an abstract syntax tree recombination algorithm is designed to provide rich syntax information for feature extraction. Secondly, a deep residual convolution block network (RDCNet) is designed to capture short-distance association features between codes. Finally, this paper proposes a JACLNet network for JavaScript malicious code detection. To verify that the model presented in this paper can effectively detect variable JavaScript code, we divide the datasets used in this paper into long text dataset DB_Long, short text dataset DB_Short, original dataset DB_Or and enhanced dataset DB_Re. In DB_Long, our method's F1-score is 98.87%, higher than that of JSContana by 2.52%. In DB_Short, our method's F1-score is 97.32%, higher than that of JSContana by 7.79%. To verify that the abstract syntax tree recombination algorithm proposed in this paper can provide rich syntax information for subsequent models, we conduct comparative experiments on DB_Or and DB_Re. In DPCNN+BiLSTM, F1-score with abstract syntax tree recombination increased by 1.72%, and in JSContana, F1-score with abstract syntax tree recombination increased by 1.50%. In JACLNet, F1-score with abstract syntax tree recombination improved by 1.00% compared with not using it. |
first_indexed | 2024-04-10T23:44:12Z |
format | Article |
id | doaj.art-eb6a9c9af180452ca1ce0ad7d3428689 |
institution | Directory Open Access Journal |
issn | 1932-6203 |
language | English |
last_indexed | 2024-04-10T23:44:12Z |
publishDate | 2022-01-01 |
publisher | Public Library of Science (PLoS) |
record_format | Article |
series | PLoS ONE |
spelling | doaj.art-eb6a9c9af180452ca1ce0ad7d3428689 2023-01-11T05:32:28Z eng Public Library of Science (PLoS) PLoS ONE 1932-6203 2022-01-01 17 12 e0277891 10.1371/journal.pone.0277891 |
title | JACLNet: Application of adaptive code length network in JavaScript malicious code detection. |
url | https://doi.org/10.1371/journal.pone.0277891 |