JStrack: Enriching Malicious JavaScript Detection Based on AST Graph Analysis and Attention Mechanism

Rozi, Muhammad Fakhrur; Ban, Tao; Ozawa, Seiichi; Kim, Sang–Wook; Takahashi, Takeshi; Inoue, Daisuke

doi:10.1007/978-3-030-92270-2_57

Cited by 3 publications

(2 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, considering graph representation as a sequence is limited in that it loses the structural information of the graph feature, which is an important piece of information to capture from source code graph representations. On the other hand, Rozi et al [34] proposed a structural analysis of the AST feature by using GNN combined with the attention layer to enrich the detection to track the rough location of malicious code based on given the attention score. In that work, they tried to focus on how to track the maliciousness part, which has a different objective than our work.…”

Section: B Graph-based Approachesmentioning

confidence: 99%

See 1 more Smart Citation

Detecting Malicious JavaScript Using Structure-Based Analysis of Graph Representation

Rozi,

Ban,

Ozawa

et al. 2023

IEEE Access

Self Cite

View full text Add to dashboard Cite

Malicious JavaScript code in web applications poses a significant threat as cyber attackers exploit it to perform various malicious activities. Detecting these malicious scripts is challenging, given their diverse nature and the continuous evolution of attack techniques. Most approaches formulate this task as a static or sequential feature of the script, which is insufficient in terms of flexibility to various attack techniques and the ability to capture the script's semantic meaning. To address this issue, we propose an alternative approach that leverages JavaScript code's abstract syntax tree (AST) representation, focusing on distinctive syntactic structure features. The proposed approach uses graph neural networks to extract structural features from the AST graph while considering the attribute features of individual nodes, which uses neural message passing with neighborhood aggregation. The proposed method encodes both the local AST graph structure and attributes of the nodes. It enables capturing the source code's semantic meaning and exploits the signature structure in the AST representations. The proposed method consistently achieved high detection performance in extensive experiments on two different datasets, with accuracy scores of 99.4% and 96.92%. The obtained evaluation metrics demonstrate the effectiveness of our approach in accurately detecting malicious JavaScript code, with our proposed method successfully detecting more than 81% for various attack types and achieving an almost twofold performance improvement on JS-Droppers compared to the sequence-based approach. In addition, we observed that the AST graph structure represented the code's semantic meaning, exhibiting distinctive patterns and signatures that could be effectively captured using the proposed method.

show abstract

Section: B Graph-based Approachesmentioning

confidence: 99%

“…Furthermore, the use of a graph-based approach for JavaScript representation not only can be used for detecting the maliciousness of the source code, but it also can be a supporting feature for detecting malicious webpages [42] or websites [43].…”

Section: B Graph-based Approachesmentioning

confidence: 99%