SeedsMiner: Accurate URL Blacklist-Generation Based on Efficient OSINT Seed Collection

Tanaka, Yasuyuki; Kashima, Shingo

doi:10.1145/3358695.3361751

Cited by 3 publications

(1 citation statement)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For instance, one form of JavaScript-based attack is FormJacking, which focuses on e-commerce websites’ checkout pages to steal user information and credit card details. On average, FormJacking ( Tanaka & Kashima, 2019 ) attacks compromised approximately 4,800 websites per month in 2018. Multiple malicious JavaScript-based attacks are in existence, including XSS, drive-by download assaults, and distributed denial-of-service (DDoS) attacks ( Sachin & Chiplunkar, 2012 ).…”

Section: Introductionmentioning

confidence: 99%

Vulnerable JavaScript functions detection using stacking of convolutional neural networks

Sheneamer

2024

PeerJ Computer Science

View full text Add to dashboard Cite

System security for web-based applications is paramount, and for the avoidance of possible cyberattacks it is important to detect vulnerable JavaScript functions. Developers and security analysts have long relied upon static analysis to investigate vulnerabilities and faults within programs. Static analysis tools are used for analyzing a program’s source code and identifying sections of code that need to be further examined by a human analyst. This article suggests a new approach for identifying vulnerable code in JavaScript programs by using ensemble of convolutional neural networks (CNNs) models. These models use vulnerable information and code features to detect related vulnerable code. For identifying different vulnerabilities in JavaScript functions, an approach has been tested which involves the stacking of CNNs with misbalancing, random under sampler, and random over sampler. Our approach uses these CNNs to detect vulnerable code and improve upon current techniques’ limitations. Previous research has introduced several approaches to identify vulnerable code in JavaScript programs, but often have their own limitations such as low accuracy rates and high false-positive or false-negative results. Our approach addresses this by using the power of convolutional neural networks and is proven to be highly effective in the detection of vulnerable functions that could be used by cybercriminals. The stacked CNN approach has an approximately 98% accuracy, proving its robustness and usability in real-world scenarios. To evaluate its efficacy, the proposed method is trained using publicly available JavaScript blocks, and the results are assessed using various performance metrics. The research offers a valuable insight into better ways to protect web-based applications and systems from potential threats, leading to a safer online environment for all.

show abstract

Section: Introductionmentioning

confidence: 99%

Vulnerable JavaScript functions detection using stacking of convolutional neural networks

Sheneamer

2024

PeerJ Computer Science

View full text Add to dashboard Cite

show abstract

VT-SOS: A Cost-effective URL Warning utilizing VirusTotal as a Second Opinion Service

Takao,

Hiraishi,

Tanabe

et al. 2024

NOMS 2024-2024 IEEE Network Operations and Management Symposium

View full text Add to dashboard Cite

Malicious JavaScript Detection Based on Bidirectional LSTM Model

et al. 2020

View full text Add to dashboard Cite

JavaScript has been widely used on the Internet because of its powerful features, and almost all the websites use it to provide dynamic functions. However, these dynamic natures also carry potential risks. The authors of the malicious scripts started using JavaScript to launch various attacks, such as Cross-Site Scripting (XSS), Cross-site Request Forgery (CSRF), and drive-by download attack. Traditional malicious script detection relies on expert knowledge, but even for experts, this is an error-prone task. To solve this problem, many learning-based methods for malicious JavaScript detection are being explored. In this paper, we propose a novel deep learning-based method for malicious JavaScript detection. In order to extract semantic information from JavaScript programs, we construct the Program Dependency Graph (PDG) and generate semantic slices, which preserve rich semantic information and are easy to transform into vectors. Then, a malicious JavaScript detection model based on the Bidirectional Long Short-Term Memory (BLSTM) neural network is proposed. Experimental results show that, in comparison with the other five methods, our model achieved the best performance, with an accuracy of 97.71% and an F1-score of 98.29%.

show abstract

SeedsMiner: Accurate URL Blacklist-Generation Based on Efficient OSINT Seed Collection

Cited by 3 publications

References 7 publications

Vulnerable JavaScript functions detection using stacking of convolutional neural networks

Vulnerable JavaScript functions detection using stacking of convolutional neural networks

VT-SOS: A Cost-effective URL Warning utilizing VirusTotal as a Second Opinion Service

Malicious JavaScript Detection Based on Bidirectional LSTM Model

Contact Info

Product

Resources

About