Obfuscated malicious javascript detection using classification techniques.

As the World Wide Web expands and more users join, it becomes an increasingly attractive means of distributing malware. Malicious javascript frequently serves as the initial infection vector for malware. We train several classifiers to detect malicious javascript and evaluate their performance. We propose features focused on detecting obfuscation, a common technique to bypass traditional malware detectors. As the classi- fiers show a high detection rate and a low false alarm rate, we propose several uses for the classifiers, in- cluding selectively suppressing potentially malicious javascript based on the classifier's recommendations, achieving a compromise between usability and secu- rity.