# ScriptNet: Neural Static Analysis for Malicious JavaScript Detection

**Authors:** Jack W. Stokes, Rakshit Agrawal, Geoff McDonald, Matthew Hausknecht

arXiv: 1904.01126 · 2019-04-03

## TL;DR

ScriptNet introduces a neural static analysis system using the CPoLS model to effectively detect malicious JavaScript files at web scale, achieving high accuracy and outperforming baselines.

## Contribution

The paper presents a novel neural static analysis approach with the CPoLS model for JavaScript malware detection, trained end-to-end for improved performance.

## Key findings

- 97.20% true positive rate at 0.50% false positive rate
- Outperforms baseline models significantly
- Effective processing of large JavaScript datasets

## Abstract

Malicious scripts are an important computer infection threat vector in the wild. For web-scale processing, static analysis offers substantial computing efficiencies. We propose the ScriptNet system for neural malicious JavaScript detection which is based on static analysis. We use the Convoluted Partitioning of Long Sequences (CPoLS) model, which processes Javascript files as byte sequences. Lower layers capture the sequential nature of these byte sequences while higher layers classify the resulting embedding as malicious or benign. Unlike previously proposed solutions, our model variants are trained in an end-to-end fashion allowing discriminative training even for the sequential processing layers. Evaluating this model on a large corpus of 212,408 JavaScript files indicates that the best performing CPoLS model offers a 97.20% true positive rate (TPR) for the first 60K byte subsequence at a false positive rate (FPR) of 0.50%. The best performing CPoLS model significantly outperform several baseline models.

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/1904.01126/full.md

## Figures

9 figures with captions in the complete paper: https://tomesphere.com/paper/1904.01126/full.md

## References

40 references — full list in the complete paper: https://tomesphere.com/paper/1904.01126/full.md

---
Source: https://tomesphere.com/paper/1904.01126