Research On JavaScript Malicious Code Detection Model Based On Anti-obfuscated Technology

JavaScript is a widely used technique for interactive website development.But because of the character of JavaScript,whose code can be interpreted immediately by user's browsers without pre-compiled,malicious JavaScript is used as an attack technique on website easily.Moreover,in order to avoid being caught by traditional detection system based on static feature,the attackers often obfuscate malicious JavaScript.So how to identify obfuscated malicious JavaScript effectively and accurately becomes more and more important.This thesis uses the information-theoretic measures to detect obfuscated JavaScript code,this measure can capture the escape-attack based on statistical feature detector.Then we de-obfuscate the obfuscated code.Finally we use machine learning knowledge to detect JavaScript malicious code.The concrete results are as follows:1.According to analyzing the syntax of JavaScript,we improve JavaScript obfuscated code detection model based on statistical features.The improved detection model figures out the frequency rate while dividing JavaScript into N-gran segmentation,then calculates the measure value of the theory of information,and classifies it by the One-Class SVM single classifier.The experiment shows that,the improved detection method achieves better detection results,and verifies that the Bigram word segmentation is better than the Unigram word segmentation.2.Via the analysis of the JavaScript code detection model based on statistical features,we construct a specific escape-attack against the model,and the obfuscated JavaScript code detection model based on statistical features and obfuscation features is proposed.The model combines the obfuscation features with statistical features to capture the escape-attack.Experiments show that the detection model can accurately capture the constructed escape-attack.3.JavaScript malicious code detection scheme based on multi-class features is proposed.The scheme uses machine learning to detect JavaScript malicious code by extracting the malicious features of four dimensions:basic features,dynamic execution features,attack features and character segmentation features.The effectiveness and non-redundancy of the scheme are verified by comparison experiments.