Detection of obfuscated JavaScript malware using Mahalanobis-distance
-
- Kentaro Takamori
- Production System Engineering Course, Kumamoto National College of Technology
-
- Mai Iwamoto
- Center for Technical and Educational Support
-
- Shunsuke Oshima
- ICT Center for Learning Support
-
- Takuo Nakashima
- Dep. of Electronics Engineering and Computer Science, Tokai University
Bibliographic Information
- Other Title
-
- マハラノビス距離を用いた難読化マルウェアJavaScriptの検出
Search this article
Abstract
Increasing of JavaScripts of malware requires the automatic detection system for malware in these days. Our research takes note of the occurrence probability both of obfuscated JavaScript malware and other JavaScript and state transition of first order Markov source. As the results of pre-experiments, statistical significance was found. We propose the detection method using Mahalanobis-distance with the probability variables of the rate of the number of upper Nth of appearance probability of characters and the probability variables of state transition of first order Markov source. As the results of experiments, the method of Mahalanobis distance with two probability variables was found the effectiveness method compared to the method using single probability.
Journal
-
- IPSJ SIG Notes
-
IPSJ SIG Notes 2014 (17), 1-7, 2014-09-11
Information Processing Society of Japan (IPSJ)
- Tweet
Keywords
Details 詳細情報について
-
- CRID
- 1572543027741792256
-
- NII Article ID
- 110009822228
-
- NII Book ID
- AN10116224
-
- Text Lang
- ja
-
- Data Source
-
- CiNii Articles