JavaScript Malware Detection Using Locality Sensitive Hashing

Publikationstyp
Conference Paper
Date Issued
2020-09
Sprache
English
Author(s)
Peiser, Stefan Carl  
Friborg, Ludwig  
Scandariato, Riccardo  
TORE-URI
http://hdl.handle.net/11420/10253
Journal
IFIP advances in information and communication technology  
Volume
580
Start Page
143
End Page
154
Citation
International Conference on Information Security and Privacy Protection (SEC 2020)
Contribution to Conference
35th IFIP TC 11 International Conference on Information Security and Privacy Protection, SEC 2020  
Publisher DOI
10.1007/978-3-030-58201-2_10
Scopus ID
2-s2.0-85092095128
In this paper, we explore the idea of using locality sensitive hashes as input features to a feed-forward neural network with the goal of detecting JavaScript malware through static analysis. An experiment is conducted using a dataset containing 1.5M evenly distributed benign and malicious samples provided by the anti-malware company Cyren. Four different locality sensitive hashing algorithms are tested and evaluated: Nilsimsa, ssdeep, TLSH, and SDHASH. The results show a high prediction accuracy, as well as low false positive and negative rates. These results show that LSH based neural networks are a competitive option against other state-of-the-art JavaScript malware classification solutions.
Subjects
JavaScript
LSH
Malware
Neural network
MLE@TUHH