Your search keyword '"machine learning models detection"' showing total 1 results

1. Deobfuscation, unpacking, and decoding of obfuscated malicious JavaScript for machine learning models detection performance improvement

Author

Samuel Ndichu, Sangwook Kim, and Seiichi Ozawa

Subjects

0209 industrial biotechnology, Computer science, learning (artificial, term frequency-inverse document frequency model, obfuscated benign js codes, learned feature vectors, 02 engineering and technology, computer.software_genre, 020901 industrial engineering & automation, vectors, 0202 electrical engineering, electronic engineering, information engineering, computer.programming_language, fasttext model, feature extraction, java, original js code, multilayer obfuscation, dud-preprocessed obfuscated malicious js codes, lcsh:QA76.75-76.765, paragraph vector models, 020201 artificial intelligence & image processing, Computer Vision and Pattern Recognition, Decoding methods, Information Systems, Unpacking, Computer Networks and Communications, obscure code, Feature vector, JavaScript, Machine learning, long short-term memory model, Artificial Intelligence, js code editor, Obfuscation, intelligence), lcsh:Computer software, business.industry, software, unpacking, term frequency–inverse document frequency model, lcsh:P98-98.5, invasive software, text analysis, Python (programming language), machine learning models detection, Human-Computer Interaction, formatted js code, Scripting language, learning (artificial intelligence), deobfuscation methods, Artificial intelligence, internet, lcsh:Computational linguistics. Natural language processing, business, invasive, computer, Feature learning, undetectable code

Abstract

Obfuscation is rampant in both benign and malicious JavaScript (JS) codes. It generates an obscure and undetectable code that hinders comprehension and analysis. Therefore, accurate detection of JS codes that masquerade as innocuous scripts is vital. The existing deobfuscation methods assume that a specific tool can recover an original JS code entirely. For a multi-layer obfuscation, general tools realize a formatted JS code, but some sections remain encoded. For the detection of such codes, this study performs Deobfuscation, Unpacking, and Decoding (DUD-preprocessing) by function redefinition using a Virtual Machine (VM), a JS code editor, and a python int_to_str() function to facilitate feature learning by the FastText model. The learned feature vectors are passed to a classifier model that judges the maliciousness of a JS code. In performance evaluation, the authors use the Hynek Petrak's dataset for obfuscated malicious JS codes and the SRILAB dataset and the Majestic Million service top 10,000 websites for obfuscated benign JS codes. They then compare the performance to other models on the detection of DUD-preprocessed obfuscated malicious JS codes. Their experimental results show that the proposed approach enhances feature learning and provides improved accuracy in the detection of obfuscated malicious JS codes.

Published

2020