{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,3]],"date-time":"2026-03-03T16:42:46Z","timestamp":1772556166264,"version":"3.50.1"},"reference-count":34,"publisher":"MDPI AG","issue":"8","license":[{"start":{"date-parts":[[2022,7,22]],"date-time":"2022-07-22T00:00:00Z","timestamp":1658448000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Future Internet"],"abstract":"<jats:p>Websites on the Internet are becoming increasingly vulnerable to malicious JavaScript code because of its strong impact and dramatic effect. Numerous recent cyberattacks use JavaScript vulnerabilities, and in some cases employ obfuscation to conceal their malice and elude detection. To secure Internet users, an adequate intrusion-detection system (IDS) for malicious JavaScript must be developed. This paper proposes an automatic IDS of obfuscated JavaScript that employs several features and machine-learning techniques that effectively distinguish malicious and benign JavaScript codes. We also present a new set of features, which can detect obfuscation in JavaScript. The features are selected based on identifying obfuscation, a popular method to bypass conventional malware detection systems. The performance of the suggested approach has been tested on JavaScript obfuscation attacks. The studies have shown that IDS based on selected features has a detection rate of 94% for malicious samples and 81% for benign samples within the dimension of the feature vector of 60.<\/jats:p>","DOI":"10.3390\/fi14080217","type":"journal-article","created":{"date-parts":[[2022,7,22]],"date-time":"2022-07-22T12:53:45Z","timestamp":1658494425000},"page":"217","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":33,"title":["Detection of Obfuscated Malicious JavaScript Code"],"prefix":"10.3390","volume":"14","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-9443-937X","authenticated-orcid":false,"given":"Ammar","family":"Alazab","sequence":"first","affiliation":[{"name":"School of Information Technology and Engineering, Melbourne Institute of Technology, Melbourne, VIC 3000, Australia"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ansam","family":"Khraisat","sequence":"additional","affiliation":[{"name":"School of Information Technology and Engineering, Melbourne Institute of Technology, Melbourne, VIC 3000, Australia"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2823-4776","authenticated-orcid":false,"given":"Moutaz","family":"Alazab","sequence":"additional","affiliation":[{"name":"Faculty of Artificial Intelligence, Al-Balqa Applied University, Amman 1705, Jordan"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2202-202X","authenticated-orcid":false,"given":"Sarabjot","family":"Singh","sequence":"additional","affiliation":[{"name":"School of Information Technology and Engineering, Melbourne Institute of Technology, Melbourne, VIC 3000, Australia"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"1968","published-online":{"date-parts":[[2022,7,22]]},"reference":[{"key":"ref_1","unstructured":"W3techs (2022, May 16). Usage Statistics of Client-Side Programming Languages for Websites. Available online: https:\/\/w3techs.com\/technologies\/overview\/client_side_language."},{"key":"ref_2","doi-asserted-by":"crossref","unstructured":"Kora\u0107, D., Damjanovi\u0107, B., and Simi\u0107, D. (2020, January 18\u201320). Information security in M-learning systems: Challenges and threats of using cookies. Proceedings of the 2020 19th International Symposium INFOTEH\u2014JAHORINA (INFOTEH), Sarajevo, Bosnia and Herzegovina.","DOI":"10.1109\/INFOTEH48170.2020.9066344"},{"key":"ref_3","doi-asserted-by":"crossref","first-page":"1690","DOI":"10.1016\/j.eswa.2013.08.066","article-title":"A novel hybrid intrusion detection method integrating anomaly detection with misuse detection","volume":"41","author":"Kim","year":"2014","journal-title":"Expert Syst. Appl."},{"key":"ref_4","doi-asserted-by":"crossref","first-page":"18","DOI":"10.1186\/s42400-021-00077-7","article-title":"A critical review of intrusion detection systems in the internet of things: Techniques, deployment strategy, validation strategy, attacks, public datasets and challenges","volume":"4","author":"Khraisat","year":"2021","journal-title":"Cybersecurity"},{"key":"ref_5","doi-asserted-by":"crossref","unstructured":"Alazab, A., Hobbs, M., Abawajy, J., and Alazab, M. (2012, January 2\u20135). Using feature selection for intrusion detection system. Proceedings of the 2012 International Symposium on Communications and Information Technologies (ISCIT), Gold Coast, QLD, Australia.","DOI":"10.1109\/ISCIT.2012.6380910"},{"key":"ref_6","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3106739","article-title":"A survey of dynamic analysis and test generation for JavaScript","volume":"50","author":"Andreasen","year":"2017","journal-title":"ACM Comput. Surv. (CSUR)"},{"key":"ref_7","doi-asserted-by":"crossref","unstructured":"Sihwail, R., Omar, K., Zainol Ariffin, K.A., and Al Afghani, S. (2019). Malware detection approach based on artifacts in memory image and dynamic analysis. Appl. Sci., 9.","DOI":"10.3390\/app9183680"},{"key":"ref_8","doi-asserted-by":"crossref","unstructured":"Fass, A., Krawczyk, R.P., Backes, M., and Stock, B. (2018, January 28\u201329). Jast: Fully syntactic detection of malicious (obfuscated) javascript. Proceedings of the International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, Saclay, France.","DOI":"10.1007\/978-3-319-93411-2_14"},{"key":"ref_9","doi-asserted-by":"crossref","first-page":"20","DOI":"10.1186\/s42400-019-0038-7","article-title":"Survey of intrusion detection systems: Techniques, datasets and challenges","volume":"2","author":"Khraisat","year":"2019","journal-title":"Cybersecurity"},{"key":"ref_10","doi-asserted-by":"crossref","first-page":"184","DOI":"10.1049\/trit.2020.0026","article-title":"Deobfuscation, unpacking, and decoding of obfuscated malicious JavaScript for machine learning models detection performance improvement","volume":"5","author":"Ndichu","year":"2020","journal-title":"CAAI Trans. Intell. Technol."},{"key":"ref_11","doi-asserted-by":"crossref","first-page":"1092","DOI":"10.1002\/sec.1064","article-title":"JSOD: JavaScript obfuscation detector","volume":"8","author":"Lee","year":"2015","journal-title":"Secur. Commun. Netw."},{"key":"ref_12","doi-asserted-by":"crossref","unstructured":"Dua, S., and Du, X. (2016). Data Mining and Machine Learning in Cybersecurity, CRC Press.","DOI":"10.1201\/b10867"},{"key":"ref_13","doi-asserted-by":"crossref","first-page":"295","DOI":"10.1016\/j.cose.2004.09.008","article-title":"Feature deduction and ensemble design of intrusion detection systems","volume":"24","author":"Chebrolu","year":"2005","journal-title":"Comput. Secur."},{"key":"ref_14","first-page":"324","article-title":"Dimension Reduction in Intrusion Detection Features Using Discriminative Machine Learning Approach","volume":"10","author":"Bajaj","year":"2013","journal-title":"IJCSI Int. J. Comput. Sci. Issues"},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"Khraisat, A., Gondal, I., and Vamplew, P. (2018). An Anomaly Intrusion Detection System Using C5 Decision Tree Classifier, Springer International Publishing.","DOI":"10.1007\/978-3-030-04503-6_14"},{"key":"ref_16","doi-asserted-by":"crossref","first-page":"193","DOI":"10.1016\/j.eswa.2014.08.002","article-title":"On the combination of genetic fuzzy systems and pairwise learning for improving detection rates on Intrusion Detection Systems","volume":"42","author":"Elhag","year":"2015","journal-title":"Expert Syst. Appl."},{"key":"ref_17","doi-asserted-by":"crossref","unstructured":"Thaseen, S., and Kumar, C.A. (2013, January 21\u201322). An analysis of supervised tree based classifiers for intrusion detection system. Proceedings of the 2013 International Conference on Pattern Recognition, Informatics and Mobile Engineering, Salem, India.","DOI":"10.1109\/ICPRIME.2013.6496489"},{"key":"ref_18","first-page":"1242","article-title":"Study on classification algorithms for network intrusion systems","volume":"9","author":"Subramanian","year":"2012","journal-title":"J. Commun. Comput."},{"key":"ref_19","doi-asserted-by":"crossref","unstructured":"Criscione, C., Bosatelli, F., Zanero, S., and Maggi, F. (2014, January 23\u201324). ZARATHUSTRA: Extracting Webinject signatures from banking trojans. Proceedings of the 2014 Twelfth Annual International Conference on Privacy, Security and Trust, Toronto, ON, Canada.","DOI":"10.1109\/PST.2014.6890933"},{"key":"ref_20","doi-asserted-by":"crossref","unstructured":"Peiser, S.C., Friborg, L., and Scandariato, R. (2020). JavaScript Malware Detection Using Locality Sensitive Hashing, Springer International Publishing.","DOI":"10.1007\/978-3-030-58201-2_10"},{"key":"ref_21","unstructured":"Jordan, A., Gauthier, F., Hassanshahi, B., and Zhao, D. (2018). SAFE-PDF: Robust Detection of JavaScript PDF Malware Using Abstract Interpretation. arXiv."},{"key":"ref_22","doi-asserted-by":"crossref","unstructured":"He, X., Xu, L., and Cha, C. (2018, January 4\u20137). Malicious JavaScript code detection based on hybrid analysis. Proceedings of the 2018 25th Asia-Pacific Software Engineering Conference (APSEC), Nara, Japan.","DOI":"10.1109\/APSEC.2018.00051"},{"key":"ref_23","first-page":"1","article-title":"Detection of Malicious JavaScript Code in Web Pages","volume":"10","author":"Patil","year":"2017","journal-title":"Indian J. Sci. Technol."},{"key":"ref_24","doi-asserted-by":"crossref","unstructured":"Song, X., Chen, C., Cui, B., and Fu, J. (2020). Malicious JavaScript Detection Based on Bidirectional LSTM Model. Appl. Sci., 10.","DOI":"10.3390\/app10103440"},{"key":"ref_25","doi-asserted-by":"crossref","first-page":"106887","DOI":"10.1016\/j.knosys.2021.106887","article-title":"Network intrusion detection with a novel hierarchy of distances between embeddings of hash IP addresses","volume":"219","author":"Carro","year":"2021","journal-title":"Knowl.-Based Syst."},{"key":"ref_26","doi-asserted-by":"crossref","first-page":"102218","DOI":"10.1016\/j.cose.2021.102218","article-title":"JSContana: Malicious JavaScript detection using adaptable context analysis and key feature extraction","volume":"104","author":"Huang","year":"2021","journal-title":"Comput. Secur."},{"key":"ref_27","doi-asserted-by":"crossref","unstructured":"Ndichu, S., Ozawa, S., Misu, T., and Okada, K. (2018, January 8\u201313). A Machine Learning Approach to Malicious JavaScript Detection Using Fixed Length Vector Representation. Proceedings of the 2018 International Joint Conference on Neural Networks (IJCNN), Rio de Janeiro, Brazil.","DOI":"10.1109\/IJCNN.2018.8489414"},{"key":"ref_28","doi-asserted-by":"crossref","unstructured":"Rozi, M.F., Kim, S., and Ozawa, S. (2020, January 19\u201324). Deep Neural Networks for Malicious JavaScript Detection Using Bytecode Sequences. Proceedings of the 2020 International Joint Conference on Neural Networks (IJCNN), Glasgow, UK.","DOI":"10.1109\/IJCNN48605.2020.9207134"},{"key":"ref_29","doi-asserted-by":"crossref","first-page":"331","DOI":"10.1016\/j.future.2019.12.013","article-title":"IoT type-of-traffic forecasting method based on gradient boosting neural networks","volume":"105","author":"Carro","year":"2020","journal-title":"Future Gener. Comput. Syst."},{"key":"ref_30","doi-asserted-by":"crossref","first-page":"381","DOI":"10.1007\/s12626-021-00086-5","article-title":"Epistemological equation for analysing uncontrollable states in complex systems: Quantifying cyber risks from the internet of things","volume":"15","author":"Radanliev","year":"2021","journal-title":"Rev. Socionetwork Strateg."},{"key":"ref_31","doi-asserted-by":"crossref","first-page":"109986","DOI":"10.1109\/ACCESS.2021.3101579","article-title":"Review of algorithms for artificial intelligence on low memory devices","volume":"9","author":"Radanliev","year":"2021","journal-title":"IEEE Access"},{"key":"ref_32","doi-asserted-by":"crossref","unstructured":"Xu, W., Zhang, F., and Zhu, S. (2012, January 16\u201318). The power of obfuscation techniques in malicious JavaScript code: A measurement study. Proceedings of the 2012 7th International Conference on Malicious and Unwanted Software, Fajardo, PR, USA.","DOI":"10.1109\/MALWARE.2012.6461002"},{"key":"ref_33","doi-asserted-by":"crossref","unstructured":"Likarish, P., Jung, E., and Jo, I. (2009, January 13\u201314). Obfuscated malicious javascript detection using classification techniques. Proceedings of the 2009 4th International Conference on Malicious and Unwanted Software (MALWARE), Montreal, QC, Canada.","DOI":"10.1109\/MALWARE.2009.5403020"},{"key":"ref_34","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1080\/19393555.2011.624160","article-title":"Analysis and identification of malicious javascript code","volume":"21","author":"Fraiwan","year":"2012","journal-title":"Inf. Secur. J. Glob. Perspect."}],"container-title":["Future Internet"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1999-5903\/14\/8\/217\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,10]],"date-time":"2025-10-10T23:55:01Z","timestamp":1760140501000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1999-5903\/14\/8\/217"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,7,22]]},"references-count":34,"journal-issue":{"issue":"8","published-online":{"date-parts":[[2022,8]]}},"alternative-id":["fi14080217"],"URL":"https:\/\/doi.org\/10.3390\/fi14080217","relation":{},"ISSN":["1999-5903"],"issn-type":[{"value":"1999-5903","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022,7,22]]}}}