JavaScript Malware Detection Using Locality Sensitive Hashing
Paper i proceeding, 2020
© 2020, IFIP International Federation for Information Processing. In this paper, we explore the idea of using locality sensitive hashes as input features to a feed-forward neural network with the goal of detecting JavaScript malware through static analysis. An experiment is conducted using a dataset containing 1.5M evenly distributed benign and malicious samples provided by the anti-malware company Cyren. Four different locality sensitive hashing algorithms are tested and evaluated: Nilsimsa, ssdeep, TLSH, and SDHASH. The results show a high prediction accuracy, as well as low false positive and negative rates. These results show that LSH based neural networks are a competitive option against other state-of-the-art JavaScript malware classification solutions.
Neural network
JavaScript
Malware
LSH
Författare
Stefan Carl Peiser
Student vid Chalmers
Ludwig Friborg
Student vid Chalmers
Riccardo Scandariato
Chalmers, Data- och informationsteknik, Software Engineering
Göteborgs universitet
IFIP Advances in Information and Communication Technology
1868-4238 (ISSN) 1868-422X (eISSN)
Vol. 580 IFIP 143-1549783030582005 (ISBN)
35th IFIP TC 11 International Conference on Information Security and Privacy Protection, SEC 2020
Maribor, Slovenia,
Maribor, Slovenia,
Ämneskategorier (SSIF 2025)
Datavetenskap (datalogi)
DOI
10.1007/978-3-030-58201-2_10