A deep learning approach for detecting malicious JavaScript code

Wang, Yao; Cai, Weiquan; Wei, Pengcheng

doi:10.1002/sec.1441

Cited by 129 publications

(60 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Similar work was done earlier by Y. Wang et al using deep learning [27]. Wang et al used deep features extracted by stacked denoising autoencoders (SdA) to detect malicious JavaScript codes [27].…”

Section: Related Workmentioning

confidence: 93%

See 1 more Smart Citation

JSLess: A Tale of a Fileless Javascript Memory-Resident Malware

Saad

Mahmood

Briguglio

et al. 2019

Information Security Practice and Experience

View full text Add to dashboard Cite

New computing paradigms, modern feature-rich programming languages and off-the-shelf software libraries enabled the development of new sophisticated malware families. Evidence of this phenomena is the recent growth of fileless malware attacks. Fileless malware or memory resident malware is an example of an Advanced Volatile Threat (AVT). In a fileless malware attack, the malware writes itself directly onto the main memory (RAM) of the compromised device without leaving any trace on the compromised device's file system. For this reason, fileless malware presents a difficult challenge for traditional malware detection tools and in particular signature-based detection. Moreover, fileless malware forensics and reverse engineering are nearly impossible using traditional methods. The majority of fileless malware attacks in the wild take advantage of MS PowerShell, however, fileless malware are not limited to MS PowerShell. In this paper, we designed and implemented a fileless malware by taking advantage of new features in Javascript and HTML5. The proposed fileless malware could infect any device that supports Javascript and HTML5. It serves as a proof-of-concept (PoC) to demonstrate the threats of fileless malware in web applications. We used the proposed fileless malware to evaluate existing methods and techniques for malware detection in web applications. We tested the proposed fileless malware with several free and commercial malware detection tools that apply both static and dynamic analysis. The proposed fileless malware bypassed all the anti-malware detection tools included in our study. In our analysis, we discussed the limitations of existing approaches/tools and suggested possible detection and mitigation techniques.

show abstract

Section: Related Workmentioning

confidence: 93%

“…These vectors can be used to train a neural network that classifies the JavaScript code as normal or malicious [16]. Similar work was done earlier by Y. Wang et al using deep learning [27]. Wang et al used deep features extracted by stacked denoising autoencoders (SdA) to detect malicious JavaScript codes [27].…”

Section: Related Workmentioning

confidence: 97%

JSLess: A Tale of a Fileless Javascript Memory-Resident Malware

Saad

Mahmood

Briguglio

et al. 2019

Information Security Practice and Experience

View full text Add to dashboard Cite

show abstract

“…Wang et al [27] propose an approach for detecting malicious JavaScript. Their method uses a 3 layer SdA with linear regression.…”

Section: Existing Workmentioning

confidence: 99%

A Deep Learning Approach to Network Intrusion Detection

Shone

Ngoc

Phai

et al. 2018

IEEE Trans. Emerg. Top. Comput. Intell.

1,052

432

View full text Add to dashboard Cite

Abstract-Network Intrusion Detection Systems (NIDSs) play a crucial role in defending computer networks. However, there are concerns regarding the feasibility and sustainability of current approaches when faced with the demands of modern networks. More specifically, these concerns relate to the increasing levels of required human interaction and the decreasing levels of detection accuracy. This paper presents a novel deep learning technique for intrusion detection, which addresses these concerns. We detail our proposed non-symmetric deep auto-encoder (NDAE) for unsupervised feature learning. Furthermore, we also propose our novel deep learning classification model constructed using stacked NDAEs. Our proposed classifier has been implemented in GPU-enabled TensorFlow and evaluated using the benchmark KDD Cup '99 and NSL-KDD datasets. Promising results have been obtained from our model thus far, demonstrating improvements over existing approaches and the strong potential for use in modern NIDSs.

show abstract

“…In addition, some online learning algorithms, including PA, CW, AROW, have been proposed [5]. In 2016, [1] uses deep learning approach to detect malicious JavaScript code, which provides a new idea for the research.…”

Section: Malicious Url Detection Using Machine Learningmentioning

confidence: 99%

“…Technically, the existing works can be classified to three categories: 1) Blacklist-based, it has the advantage of efficiency and high accuracy, but it cannot detect unknown malicious website. 2) Content-based, it detects a webpage by examining its code or behavior [1]. Due to the need of online content analysis, it is difficult to give a real-time response.…”

Section: Introductionmentioning

confidence: 99%

Malicious Website Detection Based on URLs Static Features

Wu¹,

Min²,

Li³

et al. 2018

dtcse

View full text Add to dashboard Cite

Abstract. Real-time and effectiveness are two basic requirements in URL-based malicious website detection. Based on the analysis of malicious URLs construction pattern, this paper puts forward a method to detect malicious website based on URLs static features. All features used in classification are extracted using statistic and there is no need to online access to obtain additional information about website, which reduces detection time greatly. At the same time, a feature reduction method is given in feature vector construction. Combined with reasonable selection of machine learning algorithm, our method can achieve both high accuracy and high efficiency. A series of comparative experiments proved the effectiveness of our method.

show abstract

A deep learning approach for detecting malicious JavaScript code

Cited by 129 publications

References 20 publications

JSLess: A Tale of a Fileless Javascript Memory-Resident Malware

JSLess: A Tale of a Fileless Javascript Memory-Resident Malware

A Deep Learning Approach to Network Intrusion Detection

Malicious Website Detection Based on URLs Static Features

Contact Info

Product

Resources

About