{"title":"A new approach of clustering malicious JavaScript","authors":"Liu Biao, Huamin Feng, Zhang Kejun, Li Yang","doi":"10.1109/ICSESS.2014.6933535","DOIUrl":null,"url":null,"abstract":"In the recent years, many hostile websites have been using polymorphic JavaScript in order to conceal its code. The virtual execution is considered to be effective to process and detect such types of JavaScript. However, a challenge often encountered with that approach is the mandatory preparation of very detail-oriented environments that may also require specific user-driven events for the malicious JavaScript to execute properly as it was designed to. This paper proposes a hierarchical clustering algorithm based on tree edit distance to recognize and categorize hostile JavaScript. Firstly, the JavaScript's abstract syntax tree is constructed to be structural analysis. Secondly, the similarity of two JavaScript is calculated by tree-matching algorithm based on tree edit distance. Finally, the hierarchical clustering of malicious JavaScript is determined by predefined threshold. Our promising results confirm the effectiveness of the approach.","PeriodicalId":6473,"journal":{"name":"2014 IEEE 5th International Conference on Software Engineering and Service Science","volume":"1 1","pages":"157-160"},"PeriodicalIF":0.0000,"publicationDate":"2014-06-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2014 IEEE 5th International Conference on Software Engineering and Service Science","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICSESS.2014.6933535","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 1
Abstract
In the recent years, many hostile websites have been using polymorphic JavaScript in order to conceal its code. The virtual execution is considered to be effective to process and detect such types of JavaScript. However, a challenge often encountered with that approach is the mandatory preparation of very detail-oriented environments that may also require specific user-driven events for the malicious JavaScript to execute properly as it was designed to. This paper proposes a hierarchical clustering algorithm based on tree edit distance to recognize and categorize hostile JavaScript. Firstly, the JavaScript's abstract syntax tree is constructed to be structural analysis. Secondly, the similarity of two JavaScript is calculated by tree-matching algorithm based on tree edit distance. Finally, the hierarchical clustering of malicious JavaScript is determined by predefined threshold. Our promising results confirm the effectiveness of the approach.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
