Title :
A new approach of clustering malicious JavaScript
Author :
Liu Biao ; Zhang Kejun ; Feng Huamin ; Zhang Kejun ; Li Yang
Author_Institution :
Dept. of Comput. Sci., Beijing Electron. Sci. & Technol. Instn., Beijing, China
Abstract :
In the recent years, many hostile websites have been using polymorphic JavaScript in order to conceal its code. The virtual execution is considered to be effective to process and detect such types of JavaScript. However, a challenge often encountered with that approach is the mandatory preparation of very detail-oriented environments that may also require specific user-driven events for the malicious JavaScript to execute properly as it was designed to. This paper proposes a hierarchical clustering algorithm based on tree edit distance to recognize and categorize hostile JavaScript. Firstly, the JavaScript´s abstract syntax tree is constructed to be structural analysis. Secondly, the similarity of two JavaScript is calculated by tree-matching algorithm based on tree edit distance. Finally, the hierarchical clustering of malicious JavaScript is determined by predefined threshold. Our promising results confirm the effectiveness of the approach.
Keywords :
Java; Web sites; computational linguistics; invasive software; pattern clustering; trees (mathematics); JavaScript abstract syntax tree; Websites; detail-oriented environments; hierarchical malicious JavaScript clustering algorithm; polymorphic JavaScript; structural analysis; tree edit distance; tree-matching algorithm; user-driven events; virtual execution; Abstracts; Accuracy; Algorithm design and analysis; Classification algorithms; Clustering algorithms; Syntactics; Web pages; abstract syntax tree; obfuscated; polymorphic; tree edit distance;
Conference_Titel :
Software Engineering and Service Science (ICSESS), 2014 5th IEEE International Conference on
Conference_Location :
Beijing
Print_ISBN :
978-1-4799-3278-8
DOI :
10.1109/ICSESS.2014.6933535
