JavaScript Malware Detection Using Locality Sensitive Hashing
Paper in proceeding, 2020
© 2020, IFIP International Federation for Information Processing. In this paper, we explore the idea of using locality sensitive hashes as input features to a feed-forward neural network with the goal of detecting JavaScript malware through static analysis. An experiment is conducted using a dataset containing 1.5M evenly distributed benign and malicious samples provided by the anti-malware company Cyren. Four different locality sensitive hashing algorithms are tested and evaluated: Nilsimsa, ssdeep, TLSH, and SDHASH. The results show a high prediction accuracy, as well as low false positive and negative rates. These results show that LSH based neural networks are a competitive option against other state-of-the-art JavaScript malware classification solutions.
Neural network
JavaScript
Malware
LSH
Author
Stefan Carl Peiser
Student at Chalmers
Ludwig Friborg
Student at Chalmers
Riccardo Scandariato
Chalmers, Computer Science and Engineering (Chalmers), Software Engineering (Chalmers)
University of Gothenburg
IFIP Advances in Information and Communication Technology
1868-4238 (ISSN) 1868-422X (eISSN)
Vol. 580 IFIP 143-1549783030582005 (ISBN)
35th IFIP TC 11 International Conference on Information Security and Privacy Protection, SEC 2020
Maribor, Slovenia,
Maribor, Slovenia,
Subject Categories (SSIF 2025)
Computer Sciences
DOI
10.1007/978-3-030-58201-2_10