JavaScript malware behaviour analysis and detection using sandbox assisted ensemble model

Title: JavaScript malware behaviour analysis and detection using sandbox assisted ensemble model
Publication Type: Conference Paper
Year of Publication: 2020
Authors: Kishore, Pushkar, Barisal, Swadhin Kumar, Prasad Mohapatra, Durga
Date Published: Nov. 2020
ISBN Number: 978-1-7281-8455-5
Keywords: AdaBoost, Analytical models, Collaboration, collaboration agreements, composability, Computational modeling, feature extraction, JavaScript, Malware, Payloads, policy-based governance, pubcrawl, sandbox, Sandboxing, Scalability, Sequential Minimal Optimization, Tools, Training, Voted Perceptron

Whenever any internet user visits a website, a scripting language runs in the background known as JavaScript. The embedding of malicious activities within the script poses a great threat to the cyberworld. Attackers take advantage of the dynamic nature of the JavaScript and embed malicious code within the website to download malware and damage the host. JavaScript developers obfuscate the script to keep it shielded from getting detected by the malware detectors. In this paper, we propose a novel technique for analysing and detecting JavaScript using sandbox assisted ensemble model. We extract the payload using malware-jail sandbox to get the real script. Upon getting the extracted script, we analyse it to define the features that are needed for creating the dataset. We compute Pearson's r between every feature for feature extraction. An ensemble model consisting of Sequential Minimal Optimization (SMO), Voted Perceptron and AdaBoost algorithm is used with voting technique to detect malicious JavaScript. Experimental results show that our proposed model can detect obfuscated and de-obfuscated malicious JavaScript with an accuracy of 99.6% and 0.03s detection time. Our model performs better than other state-of-the-art models in terms of accuracy and least training and detection time.

Citation Key: kishore_javascript_2020