Malicious JavaScript Detection by Features Extraction
In recent years, JavaScript-based attacks have become one of the most common and successful types of attack. Existing techniques for detecting malicious JavaScripts could fail for different reasons. Some techniques are tailored on specific kinds of attacks, and are ineffective for others. Some other...
| Main Authors: | , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Wroclaw University of Science and Technology
2015-06-01
|
| Series: | e-Informatica Software Engineering Journal |
| Subjects: | |
| Online Access: | http://www.e-informatyka.pl/attach/e-Informatica_-_Volume_8/eInformatica2014Art5.pdf |
| _version_ | 1819047789165805568 |
|---|---|
| author | Gerardo Canfora Francesco Mercaldo Corrado Aaron Visaggio |
| author_facet | Gerardo Canfora Francesco Mercaldo Corrado Aaron Visaggio |
| author_sort | Gerardo Canfora |
| collection | DOAJ |
| description | In recent years, JavaScript-based attacks have become one of the most common and successful types of attack. Existing techniques for detecting malicious JavaScripts could fail for different reasons. Some techniques are tailored on specific kinds of attacks, and are ineffective for others. Some other techniques require costly computational resources to be implemented. Other techniques could be circumvented with evasion methods. This paper proposes a method for detecting malicious JavaScript code based on five features that capture different characteristics of a script: execution time, external referenced domains and calls to JavaScript functions. Mixing different types of features could result in a more effective detection technique, and overcome the limitations of existing tools created for identifying malicious JavaScript. The experimentation carried out suggests that a combination of these features is able to successfully detect malicious JavaScript code (in the best cases we obtained a precision of 0.979 and a recall of 0.978). |
| first_indexed | 2024-12-21T11:05:56Z |
| format | Article |
| id | doaj.art-ffb1293311cf45bfb4865f519bf6927b |
| institution | Directory Open Access Journal |
| issn | 1897-7979 2084-4840 |
| language | English |
| last_indexed | 2024-12-21T11:05:56Z |
| publishDate | 2015-06-01 |
| publisher | Wroclaw University of Science and Technology |
| record_format | Article |
| series | e-Informatica Software Engineering Journal |
| spelling | doaj.art-ffb1293311cf45bfb4865f519bf6927b2022-12-21T19:06:13ZengWroclaw University of Science and Technologye-Informatica Software Engineering Journal1897-79792084-48402015-06-01816578Malicious JavaScript Detection by Features ExtractionGerardo Canfora0Francesco Mercaldo1Corrado Aaron Visaggio2Department of Engineering, University of SannioDepartment of Engineering, University of SannioDepartment of Engineering, University of SannioIn recent years, JavaScript-based attacks have become one of the most common and successful types of attack. Existing techniques for detecting malicious JavaScripts could fail for different reasons. Some techniques are tailored on specific kinds of attacks, and are ineffective for others. Some other techniques require costly computational resources to be implemented. Other techniques could be circumvented with evasion methods. This paper proposes a method for detecting malicious JavaScript code based on five features that capture different characteristics of a script: execution time, external referenced domains and calls to JavaScript functions. Mixing different types of features could result in a more effective detection technique, and overcome the limitations of existing tools created for identifying malicious JavaScript. The experimentation carried out suggests that a combination of these features is able to successfully detect malicious JavaScript code (in the best cases we obtained a precision of 0.979 and a recall of 0.978).http://www.e-informatyka.pl/attach/e-Informatica_-_Volume_8/eInformatica2014Art5.pdfmalicious JavaScripts |
| spellingShingle | Gerardo Canfora Francesco Mercaldo Corrado Aaron Visaggio Malicious JavaScript Detection by Features Extraction e-Informatica Software Engineering Journal malicious JavaScripts |
| title | Malicious JavaScript Detection by Features Extraction |
| title_full | Malicious JavaScript Detection by Features Extraction |
| title_fullStr | Malicious JavaScript Detection by Features Extraction |
| title_full_unstemmed | Malicious JavaScript Detection by Features Extraction |
| title_short | Malicious JavaScript Detection by Features Extraction |
| title_sort | malicious javascript detection by features extraction |
| topic | malicious JavaScripts |
| url | http://www.e-informatyka.pl/attach/e-Informatica_-_Volume_8/eInformatica2014Art5.pdf |
| work_keys_str_mv | AT gerardocanfora maliciousjavascriptdetectionbyfeaturesextraction AT francescomercaldo maliciousjavascriptdetectionbyfeaturesextraction AT corradoaaronvisaggio maliciousjavascriptdetectionbyfeaturesextraction |