Research On JavaScript Imalicious Code Detection Technology Based On Machine Learning

JavaScript has become a widely used technology in interactive web pages and dynamic web pages.The types of attacks generated by JavaScript malicious code have also become diverse,and have become carriers of attack types such as encrypted extortion virus,script mining virus,phishing website,spam advertisement and so on.By analyzing the relevant features of a large number of JavaScript malicious code,this paper extract and classify the features of obfuscated malicious JavaScript codes from seven aspects: attribute-based features,redirection-based features,suspicious keyword-based features,based on obfuscated features,based on running function features,based on the lexical analysis features and the post-compilation opcodes features.After all,an anti-aliasing algorithm is proposed and a malicious code detection method for JavaScript based on machine learning is implemented.The main research contents are as follows.1.By analyzing a large number of malicious and benign JavaScript codes,and aiming at the obfuscated codes,this paper proposes a behavior-based obfuscation JavaScript script anti-obfuscation algorithm,which can automatically de-obfuscate some obfuscated JavaScript code into readable state.2.This paper analyses the static characteristics of JavaScript malicious code by using the method of feature engineering,calculates the weights of extracted features by using the entropy method,and selects the features with high correlation of weights for machine learning related experiments,and realizes the static feature detection.3.In this paper,the attack mode of JavaScript malicious code in computer is deeply studied.An Inline Hook technology based on Ring 3 layer is implemented to monitor the operation of JavaScript malicious code in real time,and the detection of running behavior is realized.Through lexical analysis of JavaScript malicious code and operation code analysis after compiling,extracting features for machine learning related experiments,dynamic feature detection is realized.The experimental results show that the detection technology proposed in this paper has a good detection effect for malicious JavaScript code,which proves the validity of the model and the reliability of the selected features.