
JavaScript malware behaviour analysis and detection using sandbox assisted ensemble model


Abstract:

Whenever an internet user visits a website, a scripting language known as JavaScript runs in the background. Embedding malicious activity within such scripts poses a great threat to the cyber world. Attackers take advantage of the dynamic nature of JavaScript and embed malicious code within websites to download malware and damage the host. The authors of these scripts obfuscate them to shield them from detection by malware detectors. In this paper, we propose a novel technique for analysing and detecting malicious JavaScript using a sandbox-assisted ensemble model. We extract the payload with the malware-jail sandbox to obtain the real script. From the extracted script we define the features needed to create the dataset, and we compute Pearson's r between every pair of features for feature extraction. An ensemble of Sequential Minimal Optimization (SMO), Voted Perceptron and AdaBoost, combined by voting, is used to detect malicious JavaScript. Experimental results show that the proposed model detects obfuscated and de-obfuscated malicious JavaScript with an accuracy of 99.6% and a detection time of 0.03 s. It outperforms other state-of-the-art models in accuracy and has the lowest training and detection time.
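The feature-definition and Pearson's r steps the abstract describes, as an added illustration that is not the paper's code: lexical features are computed over a few constructed scripts (standing in for the sandbox-extracted payloads), and any pair of features whose |r| meets a threshold keeps only one member. The feature set, the 0.9 threshold and the sample scripts are assumptions; the paper's own feature list is not on this page.

```python
import math
import re
from itertools import combinations

# Constructed sample scripts (not from the paper's dataset): two plain, two with obfuscation markers.
SAMPLE_SCRIPTS = [
    r"function add(a, b) { return a + b; } console.log(add(2, 3));",
    r"var items = [1, 2, 3]; for (var i = 0; i < items.length; i++) { console.log(items[i]); }",
    r"var s = unescape('%75%6E%65%73%63%61%70%65'); eval(String.fromCharCode(97,108,101,114,116)+'(1)');",
    r"document.write(unescape('%3Cscript%3E') + eval('\x61\x6c\x65\x72\x74') + '\x3c\x2f');",
]
# Assumed feature set; the paper's own feature list is not given on this page.
FEATURE_NAMES = ["length", "eval_count", "unescape_count", "fromcharcode_count",
                 "docwrite_count", "hex_escape_count", "max_string_len", "entropy"]

def shannon_entropy(text):
    probs = [text.count(c) / len(text) for c in set(text)]
    return -sum(p * math.log2(p) for p in probs) if text else 0.0

def extract_features(script):
    """Lexical features of one (sandbox-extracted) script, in FEATURE_NAMES order."""
    literals = re.findall(r"'([^']*)'|\"([^\"]*)\"", script)
    return [
        len(script),
        script.count("eval("),
        script.count("unescape("),
        script.count("fromCharCode"),
        script.count("document.write"),
        len(re.findall(r"\\x[0-9a-fA-F]{2}|%[0-9a-fA-F]{2}", script)),  # \xNN and %NN escapes
        max((len(a or b) for a, b in literals), default=0),
        round(shannon_entropy(script), 3),
    ]

def pearson_r(xs, ys):
    """Pearson's r; a constant feature has no linear relation to any other, reported as 0."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sx = math.sqrt(sum((x - mx) ** 2 for x in xs))
    sy = math.sqrt(sum((y - my) ** 2 for y in ys))
    return 0.0 if sx == 0 or sy == 0 else cov / (sx * sy)

def select_features(rows, names, threshold=0.9):
    """Keep one feature of every pair whose |r| >= threshold (threshold is an assumption)."""
    cols = list(zip(*rows))
    dropped = set()
    for i, j in combinations(range(len(names)), 2):
        if i not in dropped and j not in dropped and abs(pearson_r(cols[i], cols[j])) >= threshold:
            dropped.add(j)
    return [names[k] for k in range(len(names)) if k not in dropped]
```

Feeding `[extract_features(s) for s in SAMPLE_SCRIPTS]` to `select_features` yields the reduced feature list that would then be used to build the dataset for the ensemble.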
Date of Conference: 16-19 November 2020
Date Added to IEEE Xplore: 22 December 2020
Conference Location: Osaka, Japan

I. Introduction

Human life is rapidly being shaped by internet technology, but these rich internet applications have exposed numerous cybersecurity threats. In host-based malware detection, we use the system calls generated by malicious or benign executables; the tool NITRSCT [1] traces sequential system calls and helps in dataset creation. In the case of malicious websites, however, we need to monitor scripts. JavaScript is an uncomplicated language and one of the three core technologies of the World Wide Web, along with HyperText Markup Language and Cascading Style Sheets, so it is extensively available on the internet [2]. Attackers inject malicious JavaScript code into web pages, for example Trojans, scripts that obtain users' personal information, and data-mining scripts [3], [4]. According to a report published by Tencent Anti-Virus Lab in 2018, VBS accounts for 50.65% of all non-portable-executable viruses, and JavaScript viruses rank second at 23.21%. Microsoft's security report likewise indicates that JavaScript malware was the most numerous kind in the first half of 2013 [5]. The JavaScript on a web page is adjustable and mercurial. Attackers encrypt or obfuscate the script to conceal its malicious behaviour from the malware detector. Some tools can deobfuscate JavaScript code, but only partially; the final steps of recovering the real payload need manual intervention, which is cost-intensive and complicated. The openness and reach of web applications spread the malicious code and fulfil the attackers' objective. Thus, it is of utmost importance to detect the malicious JavaScript present on web pages. Traditional antivirus uses signature-based detection, which is imprecise because it cannot withstand evolving and obfuscated JavaScript.
Seeing the deluge of malicious scripts and the failure of malware detectors to detect them, our objective is to propose a JavaScript malware detection model based on feature selection defined from analysis with the malware-jail sandbox. This model improves detection accuracy with the least training and detection time. Our proposed model has the innovations listed below:
