Improving Detect Accuracy For Malicious Using Generative Adversarial Nets

Posted on: 2019-12-24
Degree: Master
Type: Thesis
Country: China
Candidate: Q Y Cao
GTID: 2428330551961923
Subject: Computer technology
Abstract/Summary:
Malicious JavaScript code is widely used to attack client browsers and steal users' private data, posing a serious challenge to network security. Therefore, to protect users from attacks, this malicious code needs to be detected before it is executed. There are several static and dynamic methods for detecting malicious code. Static methods are very efficient and do not need to execute the JavaScript code, but they cannot detect new malicious code. Dynamic methods usually need to simulate an environment in which to execute the JavaScript code and analyze its behaviour, so their efficiency is not high. In recent years, many scholars have applied machine learning to the identification of malicious code and achieved good results, but analyzing malicious JavaScript code this way requires a large number of labeled samples, and malicious JavaScript code is difficult to collect and difficult to label manually. This paper proposes a method that uses generated samples to improve the accuracy of model recognition, based on generative adversarial nets (GAN). The GAN is trained with labeled samples, unlabeled samples, and samples generated by the generator. By defining different loss functions, the discriminator and generator in the GAN can reach a Nash equilibrium. When the discriminator is unable to distinguish real samples from generated samples, the generator has successfully fitted the distribution of the real samples; a large number of samples are then generated by the generator and used to train traditional classifiers, improving their effectiveness in detecting malicious JavaScript code. To verify the effect of the model, this paper selects five traditional classifiers, RF, LR, DT, SVM and KNN, and the training data are set to 100, 200, 300, 400 and 500 in the experiment. The results show that using the generated samples can improve the effectiveness of classifier detection at small scale. After training the model, a proxy tool named MDProxy is written in Python to filter the user's access traffic by setting the browser's proxy to the address of the proxy server. The trained model is applied to MDProxy. By filtering the JavaScript source code, malicious JavaScript statements are intercepted and warning information is returned to the browser. Based on the method proposed in this paper, the detection rates of 5 kinds of training sets and 5 classifiers are compared. The experimental results show that this method can effectively improve the detection ability of traditional classifiers.
Keywords/Search Tags:detect malicious code, generative adversarial nets, JavaScript, proxy