Date of Publication :9th February 2017

Abstract: JavaScript is a scripting language. On one hand, it allows developers to create client-side interfaces for web applications. On the other hand, the malicious JavaScript code infects the web user and web browser. In order to detect malicious activities, two methods viz. static and dynamic detection methods have been discussed in the literature. The dynamic analysis method has better capability in detecting malicious activities compared to the static detection method. In this paper, we present a method based on Support Vector Machine (SVM) that would identify the malicious JavaScript code at the beginning itself. In addition, our proposed method supports the analysis of obfuscated code and analyzes the system offline. Further, it analyzes the web pages and identifies the type of attack. However, our focus is on the Cross-Site Scripting (XSS) attack.

Reference :