Journal
JOURNAL OF SYSTEMS AND SOFTWARE
Volume 137, Issue -, Pages 67-77Publisher
ELSEVIER SCIENCE INC
DOI: 10.1016/j.jss.2017.11.001
Keywords
Code injection; Hybrid application; Abstract syntax tree; Deep learning
Funding
- NSFC [61375054, 61402255, 61202358]
- National High-tech R&D Program of China [2015AA016102]
- Guangdong Natural Science Foundation [2015A030310492, 2014A030313745]
- RD Program of Shenzhen [JCYJ20160531174259309, JCYJ20160301152145171, JCYJ20150630170146831, JSGG20150512162853495, Shenfagai [2015] 986]
- Cross fund of Graduate School at Shenzhen, Tsinghua University [JC20140001]
Ask authors/readers for more resources
Mobile phones are becoming increasingly pervasive. Among them, HTML5-based hybrid applications are more and more popular because of their portability on different systems. However these applications suffer from code injection attacks. In this paper, we construct a-novel deep learning network, Hybrid Deep Learning Network (HDLN), and use it to detect these attacks. At first, based on our previous work, we extract more features from Abstract Syntax Tree (AST) of JavaScript and employ three methods to select key features. Then we get the feature vectors and train HDLN to distinguish vulnerable applications from normal ones. Finally thorough experiments are done to validate our methods. The results show our detection approach with HDLN achieves 97.55% in accuracy and 97.60% in AUC, which outperforms those with other traditional classifiers and gets higher average precision than other detection methods. (C) 2017 Elsevier Inc. All rights reserved.
Authors
I am an author on this paper
Click your name to claim this paper and add it to your profile.
Reviews
Recommended
No Data Available