Detecting obfuscated suspicious JavaScript based on collaborative training

摘要

In the field of JavaScript malicious code detection, there has been a lot of research and application of machine learning methods. However, most of the researches use obfuscation recognition and then dynamic detection to deal with obfuscation malicious code. It is found that the structural features, grammatical features and operation code features of JavaScript can be classified into two categories: obfuscation features which could easily recognize obfuscation and malicious features which could easily identify malicious code. Then, according to the cooperative relation of these two characteristics, this paper summarizes the collaborative training model, and uses the trained obfuscation recognizer and the malicious recognizer to decide whether the code is malicious or not. Through the experiment, the malicious code detection achieves 98.2% accuracy, and has completed the static detection part to the malicious detection.