Yan Qin, Weiping Wang, Zixian Chen, Hong Song, Shigeng Zhang
2023 53rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), 2023-06-01
DOI: 10.1109/DSN58367.2023.00040 (https://doi.org/10.1109/DSN58367.2023.00040)
TransAST: A Machine Translation-Based Approach for Obfuscated Malicious JavaScript Detection
As an essential part of websites, JavaScript greatly enriches their functionality. At the same time, JavaScript has become the most common attack payload on malicious websites. Although researchers are constantly proposing methods to detect malicious JavaScript, the emergence of obfuscation technology makes it difficult for previous approaches to detect disguised malicious JavaScript effectively. To solve this problem, we find that there are fixed templates for generating obfuscated code, which give the original and obfuscated scripts a mapping relationship in their structure. The structural information of the code is critical for malicious-code detection. Therefore, this paper proposes TransAST, a novel static detection method for obfuscated malicious JavaScript. The key to our approach is restoring the structural information of obfuscated JavaScript by training a machine translation model. The experiments show that it achieves 91.35% accuracy and 94.57% recall on the public dataset, which is 5.5% and 10.94% higher than the existing optimal method.