Design And Implementation Of JavaScript Malicious Code Detection Tool Based On Information Entropy

With the increasing use of WEB Applications in the Internet environment,the WEB security threats have become increasingly prominent since the 21 st century.Attackers often use the vulnerability of the WEB applications to obtain the user's private information for illegal transactions,and even to steal the user's money directly through the obtained information.The dynamics of WEB applications are primarily implemented in scripting languages,and JavaScript has become the most widely used front-end scripting language for websites.Therefore,how to detect JavaScript malicious code quickly and effectively has become one of the urgent problems to be solved in maintaining the network environment.In this paper,5,285 JavaScript-based pages are collected in a real network environment for validating our methods.The static and dynamic features of JavaScript code are analyzed,and a feature vector data set construction method based on information entropy is proposed,and the machine learning classification algorithm is used to verify the validity of the feature set.Experimental results demonstrate that our approach is effective.When the false negative rate is 1.6%,the JavaScript malicious code detection tool based on information entropy(E-JSDT)can achieve 97.9% accuracy rate for JavaScript malicious code detection.The main work of this paper is as followed:(1)By the investigation of the JavaScript malicious code detection technology of the world so far,the characteristics of JavaScript code are researched and analyzed,the static and dynamic features of JavaScript code are extracted from three aspects(source code analysis,dynamic characteristics and others).The feature vector data set based on information entropy is constructed,which can contribute to improving WEB security data set for research team.(2)The validity and feasibility of JavaScript codes feature vector data set based on information entropy are verified by LR(Logical Regression)classification model and the architecture of E-JSDT is Designed and implemented.(3)The comparison of the three sets of experiments shows that E-JSDT has greatly improved the accurate rate,false negative rate and false positive rate compared with the JavaScript malicious code detection method based on traditional information entropy;compared with G Data Internet Security anti-virus software,E-JSDT has Higher accurate rate and lower false negative rate.