Analysis and Identification of Malicious JavaScript Code

摘要

Malicious JavaScript code has been actively and recently utilized as a vehicle for Web-based security attacks. By exploiting vulnerabilities such as cross-site scripting (XSS), attackers are able to spread worms, conduct Phishing attacks, and do Web page redirection to "typically" porn Web sites. These attacks can be preemptively prevented if the malicious code is detected before executing. Based on the fact that a malignant code will exhibit certain features, we propose a novel classification-based detection approach that will identify Web pages containing infected code. Using datasets of trusted and malicious Web sites, we analyze the behavior and properties of JavaScript code to point out its key features. These features form the basis of our identification system and are used to properly train the various classifiers on malicious and benign data. Performance evaluation results show that our approach achieves a 95% or higher detection accuracy, with very small (less than 3%) false positive and false negative ratios. Our solution surpasses the performance of the comparable literature.