Research On Detection Methods Of JavaScript Malicious Code

The continuous development of Internet technology has brought great convenience to people's life.People can access Web applications through mobile phones or various terminal devices at any time.As the most widely used programming language for Web application clients,Java Script has been heavily exploited by hackers due to its dynamic,simple syntax and powerful features.An endless stream of malicious Java Script code threatens the privacy and information security of Internet users,so this thesis studies the detection methods of malicious Java Script code.Java Script malicious code detection method is divided into dynamic detection method and static detection method according to whether the script code program needs to be executed.The implementation of dynamic detection method is relatively complex.Under the condition of limited computer resources and time,we are more inclined to find an efficient and static end-to-end detection method.However,there are some problems and challenges in the static detection method.For example,in order to hide the malicious behavior of malicious code,the code is often confused and compressed,or a small part of the code is embedded in a large number of benign code;Java Script code supports multiple encoding formats,and malicious code may also use encoding based techniques to evade detection by detection methods.To solve these problems,this thesis proposes three detection methods for malicious code based on static type.The main work is as follows.(1)A Java Script malicious code detection method based on Local Sensitive Hasing algorithm is proposed.Firstly,LSH algorithm was used to extract the hash value of code file,then word embedding was completed based on N-Gram model,and then DNN was used to complete the detection and classification of malicious code.The feasibility of this method and its advantages in static detection type method were verified through experiments.(2)A Java Script malicious code detection model based on Bi LSTM and attention mechanism is proposed.To solve the problem of malicious code compression,this model uses the form of code transformation into abstract syntax tree.Then,depth-first traversal is used to get the sequence of grammar units.Meanwhile,attention mechanism is introduced to deal with the situation where a small amount of malicious code is embedded in benign code.On the basis of abstract syntax tree,the features of control flow diagram are added to extract the semantic information of code,and the two features are combined to complete the classification of malicious code.Experiments and contrastive analysis show that this method can identify Java Script malicious code effectively.(3)A detection system architecture based on CNN distributed deep learning and block chain is proposed.Block chain technology is used to solve the problem of data sample island and data trust in the problem of malicious code detection.At the same time,markov graph algorithm is used to extract code features.The decentralized blockchain training fusion based on distributed deep learning has the advantages of traceability and non-tamper,and the contributors of different computing power adopt synchronous training to update model parameters.The feasibility and great potential of this method are verified by simulation experiments and theoretical analysis.