| With the development of front-end technology,JavaScript code obfuscation methods and obfuscation tools become more and more abundant,which greatly reduces the readability of JavaScript code,and also facilitates of the hiding of malicious code.Because it can automate feature extraction,deep learning has become one of the most important tools for researchers to study JavaScript maliciously obfuscation code.At present,the diversity of obfuscation methods makes the obfuscation codes diversified in style and flexible in style,so it is difficult to detect the characteristics of obfuscation codes.Based on this,this article will use deep learning methods to study the detection of malicious mixed code in JavaScript.The obfuscation technology will change the length of the code when it confuses the code.When the code length becomes very short after the obfuscation,the existing model will weaken the short-distance correlation information in the detection.This is because the initial weight of the model is relatively small for the JavaScript code features that are too short in the training,and the correlation features between short distances will be weakened when the training is deepened.To solve this problem,this paper proposes an adaptive JavaScript code length detection model JACLNet.Firstly,convolutional neural network(CNN)is used to construct short-distance associative feature extraction model SDANet,which is used to obtain the semantic information between short distances in JavaScript and reduce the amount of model computation.Secondly,BiLSTM is used to obtain semantic information between JavaScript distances.Finally,the extracted semantic information is enhanced by using Transformer’s Encoder network.Experimental results show that compared with the existing JavaScript malicious code detection methods,the JACLNet model proposed in this paper can improve the detection accuracy while maintaining better real-time performance.In order to hide the correlation feature information between codes,malicious code uses obfuscation technology to obfuscate the calling relation between codes,which leads to the model easily ignoring the correlation feature information between codes during feature extraction.In order to solve this problem,the JavaScript deep feature extraction model JDFENet is proposed in this paper.Firstly,BiLSTM is used to obtain the semantic information in the statement block.Then,a feedforward neural website is used to construct a multi-layer feedforward neural network MFNet to enhance the semantic feature information extracted by BiLSTM,so as to facilitate the subsequent model to extract the associated features.Finally,the graph convolutional neural network GCN is used to obtain the association between statements.The experimental results show that the method presented in this paper shows a lower false positive rate and a lower false negative rate on the test dataset.In order to facilitate users to use the model proposed in this paper to detect JavaScript malicious code,this paper implements a JavaScript malicious code detection tool through Chrome extension program based on the above model.When the user opens a new page,the detection tool will obtain the URL address opened by the user,download the HTML page through the URL address,extract the JS file,transform the JS file into a vector through the data preprocessing method,and finally carry out the detection through the above model,and return the result to the client.Through testing,it is found that the JavaScript malicious code detection tool proposed in this paper can effectively detect the JavaScript code in the page. |