|
1
|
Ishida M, Kaneko N, Sumi K. MOJI: Character-level convolutional neural networks for Malicious Obfuscated JavaScript Inspection. Appl Soft Comput 2023. [DOI: 10.1016/j.asoc.2023.110138] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Reference Citation Analysis] [Track Full Text] [Journal Information] [Subscribe] [Scholar Register] [Indexed: 02/24/2023]
|
|
2
|
Liu X, Huang C, Fang Y. DDIML: Explainable detection model for drive-by-download attacks. JOURNAL OF INTELLIGENT & FUZZY SYSTEMS 2022. [DOI: 10.3233/jifs-212496] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Reference Citation Analysis] [Abstract] [Track Full Text] [Journal Information] [Subscribe] [Scholar Register] [Indexed: 11/15/2022]
Abstract
A drive-by download is a method of hackers planting the Web Trojan, which exploits browser vulnerabilities to execute malicious software. Because people usually access web pages with various browsers daily, drive-by downloads have become one of the most common threats in recent years. Most previous studies utilize AST with deep learning methods to detect such attacks, which achieved high accuracy but are time-consuming and challenging to explain. Also, some methods use dynamic analysis, which needs a specific environment and is time-consuming with the complex operation. In order to solve these problems, the paper proposes DDIML and an explainable machine learning model based on novel features with static analysis. These features are extracted from five aspects: code obfuscation, URL redirection, special behaviors, encoding characters, and CSS attributes. The most popular machine learning algorithm, Random forest, is applied for building the classifier detection model. In addition, we use both local and global explanations to improve the model and prove that the proposed model could be trusted. The Experimental results show that our proposed model can efficiently detect drive-by downloads with a detection precision of 0.983 and a recall of 0.980. The average detection time for each sample is only 16.07ms in total.
Collapse
Affiliation(s)
- Xiaole Liu
- School of Cyber Science and Engineering, Sichuan University, Chengdu, China
| | - Cheng Huang
- School of Cyber Science and Engineering, Sichuan University, Chengdu, China
| | - Yong Fang
- School of Cyber Science and Engineering, Sichuan University, Chengdu, China
| |
Collapse
|
|
3
|
|
|
4
|
XGBXSS: An Extreme Gradient Boosting Detection Framework for Cross-Site Scripting Attacks Based on Hybrid Feature Selection Approach and Parameters Optimization. JOURNAL OF INFORMATION SECURITY AND APPLICATIONS 2021. [DOI: 10.1016/j.jisa.2021.102813] [Citation(s) in RCA: 3] [Impact Index Per Article: 1.0] [Reference Citation Analysis] [Track Full Text] [Subscribe] [Scholar Register] [Indexed: 11/19/2022]
|
|
5
|
JSContana: Malicious JavaScript detection using adaptable context analysis and key feature extraction. Comput Secur 2021. [DOI: 10.1016/j.cose.2021.102218] [Citation(s) in RCA: 11] [Impact Index Per Article: 3.7] [Reference Citation Analysis] [Track Full Text] [Journal Information] [Subscribe] [Scholar Register] [Indexed: 11/15/2022]
|
|
6
|
Malviya VK, Rai S, Gupta A. Development of web browser prototype with embedded classification capability for mitigating Cross-Site Scripting attacks. Appl Soft Comput 2021. [DOI: 10.1016/j.asoc.2020.106873] [Citation(s) in RCA: 2] [Impact Index Per Article: 0.7] [Reference Citation Analysis] [Track Full Text] [Journal Information] [Subscribe] [Scholar Register] [Indexed: 11/26/2022]
|