Skip to main content
SpringerLink
Log in

MalJs: Lexical, Structural and Behavioral Analysis of Malicious JavaScripts Using Ensemble Classifier

  • Conference paper
  • First Online:
Security in Computing and Communications (SSCC 2016)

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 625))

Included in the following conference series:

  • 867 Accesses

Abstract

Over the past few years javascript has grown up and revolutionized the web by allowing user defined scripts to run inside a web browser. The application of javascript ranges from providing beautiful visualization to performing complex data analytics and modeling machine learning algorithms. However javascript are also widely being used as a channel to execute malicious activities by means of redirection, drive-by-download, vulnerability exploitation and many more in the client side. In this paper we analyze the lexical, structural and behavior characteristics of javascript code to identify malicious javascript in the wild. Performance evaluation results show that our approach achieves better accuracy, with very small false positive and false negative ratios.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Hao, Y., et al.: JavaScript malicious codes analysis based on naive bayes classification. In: 2014 Ninth International Conference on P2P, Parallel, Grid, Cloud and Internet Computing (3PGCIC). IEEE (2014)

    Google Scholar 

  2. Santos, I., et al.: N-grams-based file signatures for malware detection. ICEIS 2(9), 317–320 (2009)

    Google Scholar 

  3. Wang, W-H, et al.: A static malicious javascript detection using SVM. In: Proceedings of the International Conference on Computer Science and Electronics Engineering, vol. 40 (2013)

    Google Scholar 

  4. Egele, M., Wurzinger, P., Kruegel, C., Kirda, E.: Defending browsers against drive-by downloads: mitigating heap-spraying code injection attacks. In: Flegel, U., Bruschi, D. (eds.) DIMVA 2009. LNCS, vol. 5587, pp. 88–106. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  5. Choi, Y., Kim, T., Choi, S., Lee, C.: Automatic detection for javascript obfuscation attacks in web pages through string pattern analysis. In: Lee, Y.-h., Kim, T.-h., Fang, W.-c., Ślęzak, D. (eds.) FGIT 2009. LNCS, vol. 5899, pp. 160–172. Springer, Heidelberg (2009)

    Google Scholar 

  6. Phung, P.H., et al.: Between worlds: securing mixed javascript/actionscript multi-party web content. In: IEEE Transactions on Dependable and Secure Computing, 12 April 2015, pp. 443–457 (2015)

    Google Scholar 

  7. Darling, M., et al.: A lexical approach for classifying malicious URLs. In: 2015 International Conference on High Performance Computing and Simulation (HPCS). IEEE (2015)

    Google Scholar 

  8. Fraiwan, M., et al.: Analysis and identification of malicious javascript code. Inf. Secur. J. A Global Perspect. 1–11 (2012)

    Google Scholar 

  9. Fang, Z., et al.: A half-dynamic classification method on obfuscated malicious JavaScript detection. Int. J. Secur. Appl. 9(6), 251–262 (2015)

    Google Scholar 

  10. Provos, N., Mavrommatis, P., Rajab, M.A., Monrose, F.: All your iframes point to us (2008)

    Google Scholar 

  11. Kim, B.-I., Im, C.-T., Jung, H.-C.: Suspicious malicious web site detection with strength analysis of a javascript obfuscation. Int. J. Adv. Sci. Technol. 26, 19–32 (2011)

    Google Scholar 

  12. Choi, J., et al.: Efficient malicious code detection using n-gram analysis and SVM. In: 2011 14th International Conference on Network-Based Information Systems (NBiS). IEEE, 2011

    Google Scholar 

  13. Chong, C., Liu, D., Lee, W.: Malicious URL detection

    Google Scholar 

  14. Provos, N., et al.: The ghost in the browser: analysis of web-based malware. In: HotBots 2007, p. 4 (2007)

    Google Scholar 

  15. Mutton, P.: EBay scripting flaws being actively exploited by fraudsters. Netcraft, 18 Feburary 2016. Web, 4 June 2016. http://news.netcraft.com/archives/2016/02/18/ebay-scripting-flaws-being-actively-exploited-by-fraudsters.html

  16. Christodorescu, M., et al.: Semantics-aware malware detection. In: 2005 IEEE Symposium on IEEE Security and Privacy (2005)

    Google Scholar 

  17. Cova, M., Kruegel, C., Vigna, G.: Detection and analysis of drive-by-download attacks and malicious JavaScript code. In: Proceedings of the 19th international conference on World wide web. ACM (2010)

    Google Scholar 

  18. Hallaraker, O., Vigna, G.: Detecting malicious javascript code in mozilla. In: Proceedings. 10th IEEE International Conference on Engineering of Complex Computer Systems, ICECCS 2005. IEEE (2005)

    Google Scholar 

  19. Hedin, D., Sabelfeld, A.: Information-flow security for a core of JavaScript. In: 2012 IEEE 25th Computer Security Foundations Symposium (CSF). IEEE (2012)

    Google Scholar 

  20. Feinstein, B., Peck, D., SecureWorks, Inc.: Caffeine monkey: Automated collection, detection and analysis of malicious javascript. Black Hat USA 2007 (2007)

    Google Scholar 

  21. Li, Z., et al.: Knowing your enemy: understanding and detecting malicious web advertising. In: Proceedings of the 2012 ACM Conference on Computer and Communications Security. ACM (2012)

    Google Scholar 

  22. Likarish, P., Jung, E., Jo, I.: Obfuscated malicious javascript detection using classification techniques. In: MALWARE (2009)

    Google Scholar 

  23. Seifert, C., Welch, I., Komisarczuk, P.: Identification of malicious web pages with static heuristics. In: Australasian Telecommunication Networks and Applications Conference. ATNAC 2008. IEEE (2008)

    Google Scholar 

  24. Zarras, A., et al.: The dark alleys of madison avenue: understanding malicious advertisements. In: Proceedings of the 2014 Conference on Internet Measurement Conference. ACM (2014)

    Google Scholar 

  25. Xu, W., Zhang, F., Zhu, S.: JStill: mostly static detection of obfuscated malicious JavaScript code. In: Proceedings of the Third ACM Conference on Data and Application Security and Privacy. ACM (2013)

    Google Scholar 

  26. Canali, D., et al.: Prophiler: a fast filter for the large-scale detection of malicious web pages. In: Proceedings of the 20th International Conference on World Wide Web. ACM (2011)

    Google Scholar 

  27. Jim, T., Swamy, N., Hicks, M.: Defeating script injection attacks with browser-enforced embedded policies. In: Proceedings of the 16th International Conference on World Wide Web. ACM (2007)

    Google Scholar 

  28. Top Sites. Alexa Top 500 Global Sites. Web, 4 June 2016. http://www.alexa.com/topsites

  29. Malware Domain List. Web. 4 June 2016. https://www.malwaredomainlist.com/mdl.php

  30. Zdrnja, B., Brownlee, N., Wessels, D.: Passive monitoring of DNS anomalies. In: Hämmerli, B.M., Sommer, R. (eds.) DIMVA 2007. LNCS, vol. 4579, pp. 129–139. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  31. Bilge, L., et al. EXPOSURE: finding malicious domains using passive DNS analysis. In: NDSS (2011)

    Google Scholar 

  32. Antonakakis, M., et al.: Building a dynamic reputation system for DNS. In: USENIX Security Symposium (2010)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Amrita Center for Cyber Security, Amrita Vishwa Vidyapeetham, Amrita University, Kollam, India

    Surendran K, Prabaharan Poornachandran, Aravind Ashok Nair, Srinath N, Ysudhir Kumar & Hrudya P

Authors
  1. Surendran K
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Prabaharan Poornachandran
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Aravind Ashok Nair
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Srinath N
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Ysudhir Kumar
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Hrudya P
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Surendran K .

Editor information

Editors and Affiliations

  1. IBM ZURICH RESEARCH LABORATORY, IBM ZURICH RESEARCH LABORATORY, RUESCHLIKON, Switzerland

    Peter Mueller

  2. Technology and Management, Indian Institute of Information Technology and Management, Kerala, India

    Sabu M. Thampi

  3. Temple University, New York, New York, USA

    Md Zakirul Alam Bhuiyan

  4. Computer Science, University of Waikato Computer Science, Hamilton, New Zealand

    Ryan Ko

  5. Deakin University , Burwood, Victoria, Australia

    Robin Doss

  6. University of the West of Scotland , Paisley, Glasgow, United Kingdom

    Jose M. Alcaraz Calero

Rights and permissions

Reprints and permissions

Copyright information

© 2016 Springer Nature Singapore Pte Ltd.

About this paper

Cite this paper

K, S., Poornachandran, P., Nair, A.A., N, S., Kumar, Y., P, H. (2016). MalJs: Lexical, Structural and Behavioral Analysis of Malicious JavaScripts Using Ensemble Classifier. In: Mueller, P., Thampi, S., Alam Bhuiyan, M., Ko, R., Doss, R., Alcaraz Calero, J. (eds) Security in Computing and Communications. SSCC 2016. Communications in Computer and Information Science, vol 625. Springer, Singapore. https://doi.org/10.1007/978-981-10-2738-3_38

Download citation

  • DOI: https://doi.org/10.1007/978-981-10-2738-3_38

  • Published:

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-10-2737-6

  • Online ISBN: 978-981-10-2738-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation