Article Preview
Top1. Introduction
Due to the popularity of internet-rich applications, there subsist more business logic and the tasks are migrated from the servers to the clients, and these migrated logics are executed in JavaScript (Xue, et al., 2015). JavaScript is considered as a browser scripting language, which permits the designers to devise client-side interfaces for web-based applications. On the other hand, the JavaScript code is also utilized for carrying out attacks in opposition to the user’s browser (Cova, et al., 2010). Attackers can execute suspicious behavior by introducing malicious JavaScript code in the web pages that involved dispersal of Trojan viruses, acquisition of user sensitive information, and the extraction of crucial data (Lubowicka, 2019). The vibrant temperament of the JavaScript language and its rigid incorporation with the browser made it complex to discover and obstruct malevolent JavaScript code (Cova, et al., 2010). In addition, malicious JavaScript poses the ability to detect the software versions and choose an attuned exploit to execute the code (Likarish, et al., 2009). For protecting users, several browsers are utilized that included sandboxing, limited the resources JavaScript. At a high level, JavaScript utilized malicious code in an unanticipated manner for fooling users to take insecure actions (Fang, et al., 2020).
The determination of suspicious JavaScript is essential for protecting users in order to prevent contemporary malware attacks. Due to its prosperity and capability for automatically running in several operating systems made the malicious JavaScript was extensively mistreated by hackers to infect computers, users, and mobile devices (Kolekar & Mukhedkar, 2019) (Curtsinger, et al., 2011). The Malicious codes involve obfuscation for hiding malicious content that unpacked or decrypted fundamental malicious scripts on implementation (Xu, et al., 2013). To protect malicious JavaScript code, most internet users relied on anti-virus software (Xu, et al., 2012). The malicious JavaScript code carries out certain tasks that include recording keystrokes, browser cookies theft, defacement of website, hacking, and Trojan horses. In addition, it is feasible to generate a botnet by tricking users to download malware using social engineering (Cova, et al., 2010). The traditional security solution like Intrusion Detection Systems (IDS) (Veeraiah and Krishna, 2018) (Ibrahim and Zainal, 2020) and antivirus was adapted along with signature and heuristic-based methods for detecting attacks in various fields, such as medicine, banking (Desogus and Venturi, 2019), finance (Desogus and Casu, 2019) and so on. The Heuristic-based techniques like analysis of files, emulation of files, and generic signature detection utilized a series of practiced decision rules (Choi, et al., 2009).