2022 Volume 30 Pages 591-600
Malicious JavaScript detection using machine learning models have shown many great results over the years. The main problem is that the dataset used to train the model tends to be imbalanced, as the size of the malicious dataset is far smaller than the benign one. Many of the previous techniques ignore most of the benign samples and focus on training a machine learning model with a balanced dataset. However, real-world data only has a small fraction of malicious JavaScript, making it an imbalanced dataset. This paper proposes a cGAN-based filter model that can quickly classify JavaScript malware using Natural Language Processing (NLP) and oversampling. The feature of the JavaScript file will be converted into vector form and used to train the SVM classifier. Different NLP models and oversampling methods are tested to achieve a high recall score, such as the Doc2Vec and Latent Semantic Indexing (LSI) models. In this paper, a cGAN model will be used to generate new training malicious data based on the original training dataset. We evaluate our models with a dataset of over 30,000 samples obtained from top popular websites, PhishTank, and GitHub. The experimental result shows that the best recall score achieves 0.78 with the LSI model.
