基于CB-Attention的JavaScript恶意混淆代码检测方法
JavaScript malicious obfuscation code detection method based on CB-Attention
徐鑫 1张志宁 2吕云山 3李立 4郑玉杰5
作者信息
- 1. 重庆移通学院实训中心,重庆 401520;重庆移通学院公共大数据安全技术重庆市重点实验室,重庆 401520
- 2. 重庆移通学院公共大数据安全技术重庆市重点实验室,重庆 401520
- 3. 西南大学计算机与信息科学学院,重庆 400065
- 4. 重庆邮电大学通信与信息工程学院,重庆 400065
- 5. 重庆大学能源与动力工程学院,重庆 400065
- 折叠
摘要
当今JavaScript代码混淆方法日益多样,现有检测方法在对混淆代检测时会出现漏报和误报的情况,为解决该问题,提出一种基于CB-Attention的JavaScript恶意代码检测方法.由SDPCNN模型和BiLSTM+Attention模型构成,SD-PCNN对短距离间的语义特征信息进行提取,BiLSTM+Attention获取JavaScript代码中长距离间的语义信息特征.为验证所提方法的有效性,将该方法与其它方法进行对比,对比结果表明,该方法具有较好的检测效果,F1-Score可达 98.78%.
Abstract
Nowadays,JavaScript code obfuscation methods are becoming more and more diverse,and the existing detection methods show miss and false positives when detecting obfuscation agents.To solve this problem,a JavaScript malicious code detection method based on CB-Attention was proposed.The model was mainly composed of SDPCNN model and BiLSTM+Attention model.SDPCNN was used to extract semantic feature information at short distances,while BiLSTM+Attention was used to ob-tain semantic information features at long distances in JavaScript code.To verify the effectiveness of the proposed method,the method was compared with other methods.The comparison results show that the method has better detection effects,and the F1-Score can reach 98.78%.
关键词
JavaScript恶意代码/混淆代码/检测模型/增强深度金字塔卷积神经网络/注意力网络/双向长短时记忆网络/长距离特征信息/抽象语法树Key words
JavaScript malicious code/obfuscated code/detection model/strengthen deep pyramid convolutional neural net-works/attention model/bi-directional long short-term memory model/long distance feature information/abstract syntax tree引用本文复制引用
基金项目
国家自然科学基金项目(12004057)
重庆市自然科学基金面上基金项目(CSTB2022 NSCQ-MSX1183)
出版年
2024
NETL
NSTL
万方数据