Graph Learning for the Detection of Stealthy JavaScript in Web Applications
摘要
This paper presents an approach to detecting malicious JavaScript code based on Graph Neural Networks (GNNs). The proposed method converts raw JavaScript code into an Abstract Syntax Tree (AST), which is subsequently transformed into a graph whose nodes and edges capture the structural and semantic dependencies within the code. For each graph node, a feature vector is constructed, incorporating syntactic categories, semantic flags, and structural metrics. The study evaluates baseline GNN architectures (GraphSAGE, GAT, GIN, DGCNN) alongside their modifications and introduces a novel hybrid architecture that integrates GCN, GAT, and GraphSAGE with multi-scale pooling and an attention mechanism. The final model demonstrated high performance on the constructed dataset, achieving an accuracy of 98.56% and an AUC of 0.9991. The results confirm the effectiveness of graph-based methods for source code analysis and malicious script detection, including obfuscated and embedded scripts within legitimate resources. The proposed approach can be integrated into industrial web traffic protection systems and email gateways, as well as serve as a component within comprehensive threat analysis platforms.