Research For Techniques Of Anti-evasion Of JavaScript Malware Detection Systems

In recent years,statistical machine learning algorithms and classification techniques are increasingly used in malicious detection of JavaScript scripts.At the same time,a variety of methods to evade the classifier has been proposed.So it has been a worthy of studying that the prevention of evasions when using statistical machine learning algorithm to detect malicious scripts.In addition,because of the high efficiency and good accuracy of static analysis,it is often used in the feature extraction process before machine learning algorithm begins.In this paper,the anti-evasion problem of JavaScript malicious code detection system based on static analysis and statistical machine learning is studied deeply.Specific content is as follows:(1)We design and formalize the anti-evasion model of JavaScript malicious code detection system.This model includes the structure model of system anti-evasion module and the anti-evasion evaluation model of the system.Structural model points out that which part of the system should be optimized and how to do that in order to strengthen the robustness of anti-evasion.Based on the formal description of the system,the security of anti-evasion is defined in the evaluation model,and the accuracy of the testing set is defined.A reasonable evaluation function is proposed for the evaluation of the classifier.(2)A feature selection and optimization method based on PSO is designed and implemented to improve the security and accuracy of the classifier.In this study,the binary version of PSO is applied to the feature selection problem.Through the feature selection,the detection rate of the classifier can be greatly improved and the detection rate can be doubled.In addition,the feature selection algorithm based on PSO is better than other algorithms in efficiency,security and accuracy.(3)An optimization method based on multiple classifier system is designed and implemented.Unlike the feature selection approach,a multiple classifier system selects instances from the training set rather than selecting features from the feature set.Due to the randomness of training set selection,multiple classifiers are used to solve the possible misclassification.Thus,the multiple classifier system proposed in this study is composed.In practical experiments,this method has achieved good results,in the presence of evasion behavior,the accuracy of the original classifier increased by about 5%.When the number of classifiers increasing,the accuracy of the classification of the scripts in the testing set also increases.