Indian Journal of Science and Technology

Abstract

Objective: To detect malicious JavaScript code in Web pages by reducing false positive and false negative rate thus increasing detection rate. Methods/Analysis: In recent years JavaScript has become the most common and successful attack construction language. Various approaches have been proposed to overcome the JavaScript security issues. In this paper, we have presented the methodology of detection of malicious JavaScript code in the Web pages. We have collected the benign and malicious JavaScript’s from the benchmark sources of Web pages. We have used the static analysis of JavaScript code for the effective detection of malicious and benign scripts. We have created a dataset of 6725 benign and malicious scripts. This dataset consists of 4500 benign and 2225 malicious Java Script’s. Finding: We have extracted 77 JavaScript features from the script, among which 45 are new features. We have evaluated our dataset using seven supervised machine learning classifiers. The experimental results show that, by inclusion of new features, all the classifiers have achieved good detection rate between 97%-99%, with very low FPR and FNR, as compared to nine well-known antivirus software’s. Novelty/Improvement: We have used 45 new JavaScript features in our dataset. Due to these new features, FPR and FNR are reduced and increase the malicious JavaScript detection rate.

Keywords: Drive-by-Downloads, Malicious JavaScript, Machine Learning, Malicious Web Pages, Static Detection