Detecting Malicious JavaScript Code by Code-Specialized LLM
摘要
Malicious JavaScript remains a significant cybersecurity threat. The challenge is that the detection rate of unknown malicious JavaScript is low. On the other hand, large language models (LLMs), which excel in the ability to explain codes, are expected to be effective in the detection field. However, quantitative evaluation and detailed analysis in the detection of malicious JavaScript using LLMs is still insufficient. This study proposes an offline-based LLMs approach for malicious JavaScript detection, specifically evaluating LLaMA2, LLaMA3, and the code-specialized CodeLLaMA. Our results show CodeLLaMA achieved a high F-measure of 0.89. Furthermore, we thoroughly analyzed the impact of individual tokens on detection using both gradient-based and attention-based methods. This analysis revealed that the gradient-based approach offers more explainable features for malicious tokens. These findings highlight the strong potential of LLMs, particularly code-specialized models, for effective malicious JavaScript detection and improve the interpretability of their decisions.