摘要:In recent years, JavaScript-based attacks have become one of the most common and successful types of attack. Existing techniques for detecting malicious JavaScripts could fail for di.erent reasons. Some techniques are tailored on specific kinds of attacks, and are ine.ective for others. Some other techniques require costly computational resources to be implemented. Other techniques could be circumvented with evasion methods. This paper proposes a metho d for detecting malicious JavaScript code based on five features that capture di.erent characteristics of a script: execution time, external referenced domains and calls to JavaScript functions. Mixing di.erent types of features could result in a more e.ective detection technique, and overcome the limitations of existing tools created for identifying malicious JavaScript. The experimentation carried out suggests that a combination of these features is able to successfully detect malicious JavaScript code (in the best cases we obtained a precision of 0.979 and a recall of 0.978).
