Malicious JavaScript remains a significant cybersecurity threat. The challenge is that the detection rate of unknown malicious JavaScript is low. On the other hand, large language models (LLMs), which excel in the ability to explain codes, are expected to be effective in the detection field. However, quantitative evaluation and detailed analysis in the detection of malicious JavaScript using LLMs is still insufficient. This study proposes an offline-based LLMs approach for malicious JavaScript detection, specifically evaluating LLaMA2, LLaMA3, and the code-specialized CodeLLaMA. Our results show CodeLLaMA achieved a high F-measure of 0.89. Furthermore, we thoroughly analyzed the impact of individual tokens on detection using both gradient-based and attention-based methods. This analysis revealed that the gradient-based approach offers more explainable features for malicious tokens. These findings highlight the strong potential of LLMs, particularly code-specialized models, for effective malicious JavaScript detection and improve the interpretability of their decisions.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Detecting Malicious JavaScript Code by Code-Specialized LLM

  • Keiichi Kinoshita,
  • Mamoru Mimura

摘要

Malicious JavaScript remains a significant cybersecurity threat. The challenge is that the detection rate of unknown malicious JavaScript is low. On the other hand, large language models (LLMs), which excel in the ability to explain codes, are expected to be effective in the detection field. However, quantitative evaluation and detailed analysis in the detection of malicious JavaScript using LLMs is still insufficient. This study proposes an offline-based LLMs approach for malicious JavaScript detection, specifically evaluating LLaMA2, LLaMA3, and the code-specialized CodeLLaMA. Our results show CodeLLaMA achieved a high F-measure of 0.89. Furthermore, we thoroughly analyzed the impact of individual tokens on detection using both gradient-based and attention-based methods. This analysis revealed that the gradient-based approach offers more explainable features for malicious tokens. These findings highlight the strong potential of LLMs, particularly code-specialized models, for effective malicious JavaScript detection and improve the interpretability of their decisions.