A Practical Guide for Detecting the Java Script-Based Malware Using Hidden Markov Models and Linear Classifiers

Cosovan, Doina; Benchea, Razvan; Gavriluţ, Dragoş Teodor

doi:10.1109/synasc.2014.39

Cited by 8 publications

(3 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Cosovan et al [20] investigated various detection approaches to JS-based malware attacks. In the study, multiple versions of linear classification, Hidden Markov Models, and ensemble model techniques have been used.…”

Section: A Description Of Primary Studies (Ps)mentioning

confidence: 99%

A Systematic Literature Review and Quality Analysis of Javascript Malware Detection

Sohan

Basalamah

2020

IEEE Access

View full text Add to dashboard Cite

Context: JavaScript (JS) is an often-used programming language by millions of web pages and is also affected by thousands of malicious attacks. Objective: In this investigation, we provided a general view and a quick understanding of JavaScript Malware Detection (JSMD) research reported in the scientific literature from several perspectives. Method: We performed a Systematic Literature Review (SLR) and quality analysis of published research articles on the topic. We investigated 32 articles published between the year 2009 to the year 2019. Results: Selected 32 papers explained in this article reflect the outline of what was published so far. One of our key findings is the performance of Machine Learning (ML) based detection models were relatively higher than others. We also found that only a few papers were able to achieve high scores according to the quality assessment criteria. Conclusion: In this SLR, we summarized and synthesized the existing JSMD studies to identify the previous research practices and also to shed light on future guidelines in the malware detection space. This study will guide and help future researchers to investigate the previous literature efficiently and effectively.

show abstract

Section: A Description Of Primary Studies (Ps)mentioning

confidence: 99%

A Systematic Literature Review and Quality Analysis of Javascript Malware Detection

Sohan

Basalamah

2020

IEEE Access

View full text Add to dashboard Cite

show abstract

“…V. Shen used a high-level fuzzy Petri net (HLFPN) to detect JavaScript malware [20]. D. Cosovan used hidden markov models and linear classifiers to detect JavaScript-based malware [6]. Last but not least, D. Maiorca et al used discriminant and adversary-aware API analysis to detect malicious scripting code [12].…”

Section: Related Workmentioning

confidence: 99%

JSLess: A Tale of a Fileless Javascript Memory-Resident Malware

Saad

Mahmood

Briguglio

et al. 2019

Lecture Notes in Computer Science

View full text Add to dashboard Cite

New computing paradigms, modern feature-rich programming languages and off-the-shelf software libraries enabled the development of new sophisticated malware families. Evidence of this phenomena is the recent growth of fileless malware attacks. Fileless malware or memory resident malware is an example of an Advanced Volatile Threat (AVT). In a fileless malware attack, the malware writes itself directly onto the main memory (RAM) of the compromised device without leaving any trace on the compromised device's file system. For this reason, fileless malware presents a difficult challenge for traditional malware detection tools and in particular signature-based detection. Moreover, fileless malware forensics and reverse engineering are nearly impossible using traditional methods. The majority of fileless malware attacks in the wild take advantage of MS PowerShell, however, fileless malware are not limited to MS PowerShell. In this paper, we designed and implemented a fileless malware by taking advantage of new features in Javascript and HTML5. The proposed fileless malware could infect any device that supports Javascript and HTML5. It serves as a proof-of-concept (PoC) to demonstrate the threats of fileless malware in web applications. We used the proposed fileless malware to evaluate existing methods and techniques for malware detection in web applications. We tested the proposed fileless malware with several free and commercial malware detection tools that apply both static and dynamic analysis. The proposed fileless malware bypassed all the anti-malware detection tools included in our study. In our analysis, we discussed the limitations of existing approaches/tools and suggested possible detection and mitigation techniques.

show abstract

“…Once a user enables macros in an office document it may download a payload that contain a Trojan. Similarly if a PDF is viewed by a privileged user, a JavaScript can be automatically launched to run a malicious shellcode [27], [84]. Since anti-virus software often fail to detect these hidden malware and there is a good chance for users to run the file this mechanism becomes highly effective for delivering Trojans [54], [58], [83].…”

Section: Email Attachmentsmentioning

confidence: 99%

A cyber kill chain based taxonomy of banking Trojans for evolutionary computational intelligence

Kiwia

Dehghantanha

Choo

et al. 2018

Journal of Computational Science

View full text Add to dashboard Cite

Malware such as banking Trojans are popular with financially-motivated cybercriminals. Detection of banking Trojans remains a challenging task, due to the constant evolution of techniques used to obfuscate and circumvent existing detection and security solutions. Having a malware taxonomy can facilitate the design of mitigation strategies such as those based on evolutionary computational intelligence. Specifically, in this paper, we propose a cyber kill chain based taxonomy of banking Trojans features. This threat intelligence based taxonomy providing a stage-by-stage operational understanding of a cyber-attack, can be highly beneficial to security practitioners and the design of evolutionary computational intelligence on Trojans detection and mitigation strategy. The proposed taxonomy is validated by using a real-world dataset of 127 banking Trojans

show abstract

A Practical Guide for Detecting the Java Script-Based Malware Using Hidden Markov Models and Linear Classifiers

Cited by 8 publications

References 17 publications

A Systematic Literature Review and Quality Analysis of Javascript Malware Detection

A Systematic Literature Review and Quality Analysis of Javascript Malware Detection

JSLess: A Tale of a Fileless Javascript Memory-Resident Malware

A cyber kill chain based taxonomy of banking Trojans for evolutionary computational intelligence

Contact Info

Product

Resources

About