Currently, JavaScript is a popular scripting language for building web pages. It allows website creators to run any program code they want when users are visiting their websites. Meanwhile, malicious JavaScript becomes one of the biggest threats in the cyber world. Researchers are now searching for a convenient and effective way to detect JavaScript malware. Consequently, this paper aims to propose a novel method of detecting the JavaScript malware by using a high-level fuzzy Petri net (HLFPN). First, the web pages are crawled to get JavaScript files. Second, those main features are extracted from JavaScript files. In total, six main features of the JavaScript, including longest word size, entropy, specific character, commenting style, function calls, and abstract syntax tree (AST) features are collected. Finally, an HLFPN model is used to determine whether the malicious code is available or not. The experimental results have fully demonstrated the effectiveness of our proposed approach.
XueY., WangJ., LiuY., XiaoH., SunJ. and ChandramohanM., “Detection and classification of malicious JavaScript via attack behavior modelling,” Procs. of the 2015 International Symposium on Software Testing and Analysis (ISSTA 2015), pp. 48–59, Jul. 2015.
7.
ChoiY.H., KimT.G., ChoiS.J. and LeeC.W., “Automatic detection for JavaScript obfuscation attacks in web pages through string pattern analysis,” International Conference on Future Generation Information Technology, pp. 160–172, 2009.
8.
SundhararajanMahalingam, GaoXiao-Zhi and Vahdat NejadHamed, “Artificial intelligent techniques and its applications,”Journal of Intelligent & Fuzzy Systems34(02) (2018), 755–760.
BlackPaul, GordalIqbal and LaytonRobert, “A survey of similarities in banking malware behaviors,” Computers & Security, Available online: 9 Oct. 2017.
12.
RaoZhihong, NiuWeina, ZhangXiao Song and LiHongwei, “Tor anonymous traffic identification based on gravitational clustering,”Peer-to-Peer Networking and Applications11(3) (2018), 592–601.
13.
RobidouxR., XuH., XingL. and ZhouM., Automated modeling of dynamic reliability block diagrams using colored Petri nets, IEEE Transactions on Systems, Man, Cybernetics-Part A: Systems and Humans40(2) (2010), 337–351.
14.
OgataH. and YanoY., “Knowledge awareness map for computer-supported ubiquitous language-learning,” Procs. of the 2nd IEEE International Workshop on Wireless and Mobile Technologies in Education, pp. 19–25, Mar. 2004.
15.
YuanGuoqiang, TianYi and WangShuming, “A VaR-based optimization model for crop production planning under imprecise uncertainty,”Journal of Intelligent & Fuzzy Systems33(01) (2017), 1–14.
16.
ShenV.R.L., YangC.Y., WangY.Y. and LinY.H., Application of high-level fuzzy Petri nets to educational grading system, Experts Systems with Applications39(17) (2012), 12935–12946.
17.
StiborekJan, PevnyTomas and RehakMartin, Probabilistic analysis of dynamic malware traces, Computers & Security74 (2018), 221–239.
18.
ShenRong-Kuan, LinYi-Nan, Tong-Ying JuangTony, ShenVictor R.L. and LimSoo Yong, Automatic detection of video shot boundary in social media using a hybrid approach of HLFPN and keypoint matching, IEEE Transactions on Computational Social Systems5(1) (2018), 210–219.
19.
ShenV.R.L., LaiH.Y. and LaiA.F., The implementation of a smartphone-based fall detection system using a high-level fuzzy Petri net, Applied Soft Computing26(1) (2015), 390–400.
20.
ShenV.R.L., Knowledge representation using high-level fuzzy Petri nets, IEEE Transactions on Systems, Man, and Cybernetics-Part A: Systems and Humans36(6) (2006), 2120–2127.
21.
ShenV.R.L., Reinforcement learning for high-level fuzzy Petri nets, IEEE Transactions on Systems, Man, and Cybernetics-Part B: Cybernetics33(2) (2003), 351–362.
22.
WangXiaomin, LiuYing, LiPiyu and LiuJianbo, Multi-granularity soft rough set and its application in multi-attribute decision making, Journal of Intelligent & Fuzzy Systems33(04) (2017), 2033–2045.
23.
ShenV.R.L., Correctness in hierarchical knowledge-based requirements, IEEE Transactions on Systems, Man, and Cybernetics-Part B: Cybernetics30(4) (2000), 625–631.
24.
ShenV.R.L., ChangY.S. and JuangT.T.Y., Supervised and unsupervised learning by using Petri nets, IEEE Transactions on Systems, Man, and Cybernetics-Part A: Systems and Humans40(2) (2010), 363–375.
25.
CraioveanuC., Server-side script polymorphism: Techniques of analysis and defense, 2008 3rd International Conference on Malicious and Unwanted Software (MALWARE), pp. 9–16, Oct. 2008.
“Fighting malware and cyber criminality,” MalwareURL Team, [Online]. Available: https://www.malwareurl.com/. [Accessed 30 Mar. 2018].
31.
WangJ., XueY., LiuY. and TanT.H., JSDC: A hybrid approach for JavaScript malware detection and classification, Procs. of the 10th ACM Symposium on Information, Computer and Communications Security (ASIA CCS ’15), pp. 109–120, Apr. 2015.
32.
“The Python Standard Library,” Python Software Foundation, [Online]. Available: https://docs.python.org/3/library/. [Accessed 28 Mar. 2018].
33.
IqbalSalman, Mat KiahMiss Laiha, DhaghighiBabak, HussainMuzammil, KhanSuleman, Khurram KhanMuhammad and Raymond ChooKim-Kwang, On cloud security attacks: A taxonomy and intrusion detection and prevention as a service, Journal of Network and Computer Applications74 (2016), 98–120.
