IDEAS home Printed from https://ideas.repec.org/a/gam/jftint/v14y2022i8p217-d869370.html
   My bibliography  Save this article

Detection of Obfuscated Malicious JavaScript Code

Author

Listed:
  • Ammar Alazab

    (School of Information Technology and Engineering, Melbourne Institute of Technology, Melbourne, VIC 3000, Australia)

  • Ansam Khraisat

    (School of Information Technology and Engineering, Melbourne Institute of Technology, Melbourne, VIC 3000, Australia)

  • Moutaz Alazab

    (Faculty of Artificial Intelligence, Al-Balqa Applied University, Amman 1705, Jordan)

  • Sarabjot Singh

    (School of Information Technology and Engineering, Melbourne Institute of Technology, Melbourne, VIC 3000, Australia)

Abstract

Websites on the Internet are becoming increasingly vulnerable to malicious JavaScript code because of its strong impact and dramatic effect. Numerous recent cyberattacks use JavaScript vulnerabilities, and in some cases employ obfuscation to conceal their malice and elude detection. To secure Internet users, an adequate intrusion-detection system (IDS) for malicious JavaScript must be developed. This paper proposes an automatic IDS of obfuscated JavaScript that employs several features and machine-learning techniques that effectively distinguish malicious and benign JavaScript codes. We also present a new set of features, which can detect obfuscation in JavaScript. The features are selected based on identifying obfuscation, a popular method to bypass conventional malware detection systems. The performance of the suggested approach has been tested on JavaScript obfuscation attacks. The studies have shown that IDS based on selected features has a detection rate of 94% for malicious samples and 81% for benign samples within the dimension of the feature vector of 60.

Suggested Citation

  • Ammar Alazab & Ansam Khraisat & Moutaz Alazab & Sarabjot Singh, 2022. "Detection of Obfuscated Malicious JavaScript Code," Future Internet, MDPI, vol. 14(8), pages 1-15, July.
  • Handle: RePEc:gam:jftint:v:14:y:2022:i:8:p:217-:d:869370
    as

    Download full text from publisher

    File URL: https://www.mdpi.com/1999-5903/14/8/217/pdf
    Download Restriction: no

    File URL: https://www.mdpi.com/1999-5903/14/8/217/
    Download Restriction: no
    ---><---

    References listed on IDEAS

    as
    1. Petar Radanliev & David Roure & Pete Burnap & Omar Santos, 2021. "Epistemological Equation for Analysing Uncontrollable States in Complex Systems: Quantifying Cyber Risks from the Internet of Things," The Review of Socionetwork Strategies, Springer, vol. 15(2), pages 381-411, November.
    Full references (including those not matched with items on IDEAS)

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Ramraj Dangi & Akshay Jadhav & Gaurav Choudhary & Nicola Dragoni & Manas Kumar Mishra & Praveen Lalwani, 2022. "ML-Based 5G Network Slicing Security: A Comprehensive Survey," Future Internet, MDPI, vol. 14(4), pages 1-28, April.
    2. Xiaoqian Zhu & Yinghui Wang & Jianping Li, 2022. "What drives reputational risk? Evidence from textual risk disclosures in financial statements," Palgrave Communications, Palgrave Macmillan, vol. 9(1), pages 1-15, December.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:gam:jftint:v:14:y:2022:i:8:p:217-:d:869370. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: MDPI Indexing Manager (email available below). General contact details of provider: https://www.mdpi.com .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.