JSObfusDetector: A binary PSO-based one-class classifier ensemble to detect obfuscated JavaScript code

Authors: Mehran Jodavi, Mahdi Abadi, Elham Parhizkar

DOI: 10.1109/AISP.2015.7123508

Abstract: JavaScript code obfuscation has become a major technique used by malware writers to evade static analysis techniques. Over the past years, a number of dynamic techniques have been proposed to detect obfuscated malicious JavaScript code at runtime. However, because of their runtime overheads, these techniques are slow and thus not widely used in practice. On the other hand, since a large quantity of benign JavaScript code is obfuscated to protect intellectual property, it is not effective to use the intrinsic features of obfuscated code for malware detection purposes. Therefore, we are forced to distinguish between obfuscated and non-obfuscated JavaScript code so that we can devise an efficient technique for detecting obfuscated malicious JavaScript code. In this paper, we address this issue by presenting JSObfusDetector, a novel one-class classifier ensemble to detect obfuscated JavaScript code. To construct the ensemble, we apply a binary particle swarm optimization (PSO) algorithm, called ParticlePruner, on an initial ensemble of one-class SVM classifiers to find a sub-ensemble whose members are both accurate and diverse in their outputs. We evaluate JSObfusDetector using a dataset of obfuscated and non-obfuscated JavaScript code. The experimental results show that JSObfusDetector can achieve about 97% precision, 91% recall, and 94% F-measure.
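
The ensemble-pruning idea behind ParticlePruner, a binary PSO that searches for a sub-ensemble of the initial one-class classifiers whose members are accurate yet disagree with each other, as an added illustration that is not the paper's code or data. The classifier outputs are constructed, and the fitness weighting (accuracy plus pairwise disagreement), the majority-vote rule and the PSO constants are assumptions, since the abstract does not state them.

```python
import itertools, math, random
# Constructed sample (not the paper's data): hard 0/1 outputs of six initial
# one-class classifiers on a 10-sample validation set, 1 = obfuscated.
TRUTH = [1, 1, 1, 1, 1, 0, 0, 0, 0, 0]
PREDS = [
    [1, 1, 1, 1, 0, 0, 0, 0, 1, 0],  # c0: 8/10 correct
    [1, 1, 1, 1, 0, 0, 0, 0, 1, 0],  # c1: identical to c0, adds no diversity
    [1, 1, 0, 1, 1, 0, 0, 1, 0, 0],  # c2: 8/10, different errors
    [0, 1, 1, 1, 1, 0, 1, 0, 0, 0],  # c3: 8/10, different errors
    [1, 0, 1, 1, 1, 1, 0, 0, 0, 0],  # c4: 8/10, different errors
    [0, 0, 0, 1, 0, 1, 1, 0, 1, 1],  # c5: 2/10, mostly wrong
]

def accuracy(pred, truth):
    return sum(p == t for p, t in zip(pred, truth)) / len(truth)
def majority_vote(members):
    # Ties in even-sized sub-ensembles resolve to 1 (flag as obfuscated).
    return [1 if 2 * sum(col) >= len(members) else 0 for col in zip(*members)]
def disagreement(members):
    # Mean pairwise fraction of samples on which two members differ; 0 if fewer than 2 members.
    pairs = list(itertools.combinations(members, 2))
    return sum(sum(a != b for a, b in zip(x, y)) / len(x) for x, y in pairs) / len(pairs) if pairs else 0.0
def fitness(mask, preds=PREDS, truth=TRUTH, alpha=0.5):
    # Assumed objective: weighted sum of sub-ensemble accuracy and member diversity.
    members = [p for keep, p in zip(mask, preds) if keep]
    if not members:
        return 0.0  # an empty sub-ensemble is invalid
    return alpha * accuracy(majority_vote(members), truth) + (1 - alpha) * disagreement(members)
def binary_pso(preds=PREDS, truth=TRUTH, particles=10, iters=30, seed=1):
    rng, n = random.Random(seed), len(preds)
    # Particle 0 starts as the full initial ensemble, so the result is never worse than it.
    pos = [[1] * n] + [[rng.randint(0, 1) for _ in range(n)] for _ in range(particles - 1)]
    vel = [[0.0] * n for _ in range(particles)]
    pbest, pbest_f = [p[:] for p in pos], [fitness(p, preds, truth) for p in pos]
    gbest_f, gbest = max((f, p[:]) for p, f in zip(pos, pbest_f))
    for _ in range(iters):
        for i in range(particles):
            for j in range(n):
                r1, r2 = rng.random(), rng.random()
                vel[i][j] = (0.7 * vel[i][j] + 1.5 * r1 * (pbest[i][j] - pos[i][j])
                             + 1.5 * r2 * (gbest[j] - pos[i][j]))
                # Binary PSO: the sigmoid of the velocity is the probability that the bit is 1.
                pos[i][j] = 1 if rng.random() < 1 / (1 + math.exp(-vel[i][j])) else 0
            f = fitness(pos[i], preds, truth)
            if f > pbest_f[i]:
                pbest[i], pbest_f[i] = pos[i][:], f
                if f > gbest_f:
                    gbest, gbest_f = pos[i][:], f
    return gbest, gbest_f  # selected sub-ensemble mask and its fitness
```

Each bit of a particle's position says whether the corresponding initial classifier is kept; because the full ensemble is one of the starting positions, the returned mask never scores below it under the assumed objective.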
