JSRevealer

Introduction

This repository contains the code for the paper: JSReveler: A Robust Malicious JavaScript Detector against Obfuscation. JSRevealer is a robust, effective, scalable, and interpretable detector for malicious JavaScript. It consists of four components, which are path extraction, path embedding, feature extraction, and classification. First, path extraction parses JavaScript files into ASTs, adds data flow information as enhanced ASTs, and then traverse those enhanced ASTs to obtain the paths. Next, in the path embedding, neural networks and attention mechanisms are used to get the embeddings of the paths, namely path vectors, and the corresponding weights. After that, in the feature extraction stage, outlier detection is performed on those vectors with weights. Then the selected vectors are clustered, and the features are obtained by filtering the clusters. Finally, these features are used for learning and classification.