一种聚类恶意JavaScript的新方法

2014 IEEE 5th International Conference on Software Engineering and Service Science Pub Date : 2014-06-27 DOI:10.1109/ICSESS.2014.6933535

Liu Biao, Huamin Feng, Zhang Kejun, Li Yang

{"title":"一种聚类恶意JavaScript的新方法","authors":"Liu Biao, Huamin Feng, Zhang Kejun, Li Yang","doi":"10.1109/ICSESS.2014.6933535","DOIUrl":null,"url":null,"abstract":"In the recent years, many hostile websites have been using polymorphic JavaScript in order to conceal its code. The virtual execution is considered to be effective to process and detect such types of JavaScript. However, a challenge often encountered with that approach is the mandatory preparation of very detail-oriented environments that may also require specific user-driven events for the malicious JavaScript to execute properly as it was designed to. This paper proposes a hierarchical clustering algorithm based on tree edit distance to recognize and categorize hostile JavaScript. Firstly, the JavaScript's abstract syntax tree is constructed to be structural analysis. Secondly, the similarity of two JavaScript is calculated by tree-matching algorithm based on tree edit distance. Finally, the hierarchical clustering of malicious JavaScript is determined by predefined threshold. Our promising results confirm the effectiveness of the approach.","PeriodicalId":6473,"journal":{"name":"2014 IEEE 5th International Conference on Software Engineering and Service Science","volume":"1 1","pages":"157-160"},"PeriodicalIF":0.0000,"publicationDate":"2014-06-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"A new approach of clustering malicious JavaScript\",\"authors\":\"Liu Biao, Huamin Feng, Zhang Kejun, Li Yang\",\"doi\":\"10.1109/ICSESS.2014.6933535\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"In the recent years, many hostile websites have been using polymorphic JavaScript in order to conceal its code. The virtual execution is considered to be effective to process and detect such types of JavaScript. However, a challenge often encountered with that approach is the mandatory preparation of very detail-oriented environments that may also require specific user-driven events for the malicious JavaScript to execute properly as it was designed to. This paper proposes a hierarchical clustering algorithm based on tree edit distance to recognize and categorize hostile JavaScript. Firstly, the JavaScript's abstract syntax tree is constructed to be structural analysis. Secondly, the similarity of two JavaScript is calculated by tree-matching algorithm based on tree edit distance. Finally, the hierarchical clustering of malicious JavaScript is determined by predefined threshold. Our promising results confirm the effectiveness of the approach.\",\"PeriodicalId\":6473,\"journal\":{\"name\":\"2014 IEEE 5th International Conference on Software Engineering and Service Science\",\"volume\":\"1 1\",\"pages\":\"157-160\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2014-06-27\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2014 IEEE 5th International Conference on Software Engineering and Service Science\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICSESS.2014.6933535\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2014 IEEE 5th International Conference on Software Engineering and Service Science","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICSESS.2014.6933535","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 1

摘要

近年来，许多恶意网站一直在使用多态JavaScript来隐藏其代码。虚拟执行被认为是处理和检测此类JavaScript类型的有效方法。然而，这种方法经常遇到的一个挑战是，必须准备非常面向细节的环境，这些环境可能还需要特定的用户驱动事件，以便恶意JavaScript按照设计的方式正确执行。提出了一种基于树编辑距离的分层聚类算法对恶意JavaScript进行识别和分类。首先，构建JavaScript的抽象语法树进行结构分析。其次，采用基于树编辑距离的树匹配算法计算两种JavaScript的相似度;最后，通过预定义阈值确定恶意JavaScript的分层聚类。我们令人鼓舞的结果证实了该方法的有效性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

A new approach of clustering malicious JavaScript

In the recent years, many hostile websites have been using polymorphic JavaScript in order to conceal its code. The virtual execution is considered to be effective to process and detect such types of JavaScript. However, a challenge often encountered with that approach is the mandatory preparation of very detail-oriented environments that may also require specific user-driven events for the malicious JavaScript to execute properly as it was designed to. This paper proposes a hierarchical clustering algorithm based on tree edit distance to recognize and categorize hostile JavaScript. Firstly, the JavaScript's abstract syntax tree is constructed to be structural analysis. Secondly, the similarity of two JavaScript is calculated by tree-matching algorithm based on tree edit distance. Finally, the hierarchical clustering of malicious JavaScript is determined by predefined threshold. Our promising results confirm the effectiveness of the approach.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2014 IEEE 5th International Conference on Software Engineering and Service Science

自引率

0.00%

发文量