{"id":"https://openalex.org/W2970323597","doi":"https://doi.org/10.1145/3359789.3359813","title":"JStap","display_name":"JStap","publication_year":2019,"publication_date":"2019-11-22","ids":{"openalex":"https://openalex.org/W2970323597","doi":"https://doi.org/10.1145/3359789.3359813","mag":"2970323597"},"language":"en","primary_location":{"id":"doi:10.1145/3359789.3359813","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3359789.3359813","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 35th Annual Computer Security Applications Conference","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5037725779","display_name":"Aurore Fass","orcid":"https://orcid.org/0000-0001-6611-4447"},"institutions":[{"id":"https://openalex.org/I4210128801","display_name":"Helmholtz Center for Information Security","ror":"https://ror.org/02njgxr09","country_code":"DE","type":"facility","lineage":["https://openalex.org/I1305996414","https://openalex.org/I4210128801"]}],"countries":["DE"],"is_corresponding":true,"raw_author_name":"Aurore Fass","raw_affiliation_strings":["CISPA Helmholtz Center for Information Security"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"CISPA Helmholtz Center for Information Security","institution_ids":["https://openalex.org/I4210128801"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5102730269","display_name":"Michael Backes","orcid":"https://orcid.org/0000-0002-7130-9211"},"institutions":[{"id":"https://openalex.org/I4210128801","display_name":"Helmholtz Center for Information Security","ror":"https://ror.org/02njgxr09","country_code":"DE","type":"facility","lineage":["https://openalex.org/I1305996414","https://openalex.org/I4210128801"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Michael Backes","raw_affiliation_strings":["CISPA Helmholtz Center for Information Security"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"CISPA Helmholtz Center for Information Security","institution_ids":["https://openalex.org/I4210128801"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5087823285","display_name":"Ben Stock","orcid":"https://orcid.org/0000-0001-9659-0700"},"institutions":[{"id":"https://openalex.org/I4210128801","display_name":"Helmholtz Center for Information Security","ror":"https://ror.org/02njgxr09","country_code":"DE","type":"facility","lineage":["https://openalex.org/I1305996414","https://openalex.org/I4210128801"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Ben Stock","raw_affiliation_strings":["CISPA Helmholtz Center for Information Security"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"CISPA Helmholtz Center for Information Security","institution_ids":["https://openalex.org/I4210128801"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5037725779"],"corresponding_institution_ids":["https://openalex.org/I4210128801"],"apc_list":null,"apc_paid":null,"fwci":4.0059,"has_fulltext":false,"cited_by_count":63,"citation_normalized_percentile":{"value":0.94782344,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":96,"max":100},"biblio":{"volume":null,"issue":null,"first_page":"257","last_page":"269"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9987000226974487,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.883152961730957},{"id":"https://openalex.org/keywords/javascript","display_name":"JavaScript","score":0.6324158310890198},{"id":"https://openalex.org/keywords/scripting-language","display_name":"Scripting language","score":0.528456449508667},{"id":"https://openalex.org/keywords/classifier","display_name":"Classifier (UML)","score":0.4746606647968292},{"id":"https://openalex.org/keywords/modular-design","display_name":"Modular design","score":0.4291716516017914},{"id":"https://openalex.org/keywords/context","display_name":"Context (archaeology)","score":0.4144141674041748},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.40588629245758057},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.37359392642974854},{"id":"https://openalex.org/keywords/natural-language-processing","display_name":"Natural language processing","score":0.36754316091537476},{"id":"https://openalex.org/keywords/information-retrieval","display_name":"Information retrieval","score":0.34515249729156494},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.29228174686431885}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.883152961730957},{"id":"https://openalex.org/C544833334","wikidata":"https://www.wikidata.org/wiki/Q2005","display_name":"JavaScript","level":2,"score":0.6324158310890198},{"id":"https://openalex.org/C61423126","wikidata":"https://www.wikidata.org/wiki/Q187432","display_name":"Scripting language","level":2,"score":0.528456449508667},{"id":"https://openalex.org/C95623464","wikidata":"https://www.wikidata.org/wiki/Q1096149","display_name":"Classifier (UML)","level":2,"score":0.4746606647968292},{"id":"https://openalex.org/C101468663","wikidata":"https://www.wikidata.org/wiki/Q1620158","display_name":"Modular design","level":2,"score":0.4291716516017914},{"id":"https://openalex.org/C2779343474","wikidata":"https://www.wikidata.org/wiki/Q3109175","display_name":"Context (archaeology)","level":2,"score":0.4144141674041748},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.40588629245758057},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.37359392642974854},{"id":"https://openalex.org/C204321447","wikidata":"https://www.wikidata.org/wiki/Q30642","display_name":"Natural language processing","level":1,"score":0.36754316091537476},{"id":"https://openalex.org/C23123220","wikidata":"https://www.wikidata.org/wiki/Q816826","display_name":"Information retrieval","level":1,"score":0.34515249729156494},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.29228174686431885},{"id":"https://openalex.org/C151730666","wikidata":"https://www.wikidata.org/wiki/Q7205","display_name":"Paleontology","level":1,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3359789.3359813","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3359789.3359813","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 35th Annual Computer Security Applications Conference","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions","score":0.550000011920929}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":42,"referenced_works":["https://openalex.org/W58852127","https://openalex.org/W202191487","https://openalex.org/W1519699895","https://openalex.org/W1970867218","https://openalex.org/W1976985517","https://openalex.org/W1987644478","https://openalex.org/W1988146703","https://openalex.org/W1992114977","https://openalex.org/W2014466911","https://openalex.org/W2026054276","https://openalex.org/W2044675702","https://openalex.org/W2055931054","https://openalex.org/W2064274762","https://openalex.org/W2095450067","https://openalex.org/W2102475112","https://openalex.org/W2120297918","https://openalex.org/W2121749752","https://openalex.org/W2142194171","https://openalex.org/W2143681128","https://openalex.org/W2144344516","https://openalex.org/W2158698691","https://openalex.org/W2160289821","https://openalex.org/W2165004968","https://openalex.org/W2167464078","https://openalex.org/W2339647006","https://openalex.org/W2401293755","https://openalex.org/W2432142698","https://openalex.org/W2496872468","https://openalex.org/W2528185830","https://openalex.org/W2574797807","https://openalex.org/W2604507227","https://openalex.org/W2625973504","https://openalex.org/W2732351623","https://openalex.org/W2749572357","https://openalex.org/W2800651024","https://openalex.org/W2890228473","https://openalex.org/W2912248945","https://openalex.org/W2962940036","https://openalex.org/W2964636835","https://openalex.org/W2970044827","https://openalex.org/W3104158743","https://openalex.org/W4299301436"],"related_works":["https://openalex.org/W2461078469","https://openalex.org/W123790205","https://openalex.org/W2085515337","https://openalex.org/W3087706721","https://openalex.org/W4287664162","https://openalex.org/W3102852402","https://openalex.org/W827014118","https://openalex.org/W4385695489","https://openalex.org/W4247806713","https://openalex.org/W4378700020"],"abstract_inverted_index":{"Given":[0],"the":[1,4,27,43,84,131,166,171],"success":[2],"of":[3,20,30,46,87,105,112,118,126,133,173,179,184,190,203,233,243],"Web":[5],"platform,":[6],"attackers":[7],"have":[8],"abused":[9],"its":[10],"main":[11],"programming":[12],"language,":[13],"namely":[14],"JavaScript,":[15],"to":[16,26,40,57,64,228,235],"mount":[17],"different":[18,110],"types":[19],"attacks":[21],"on":[22,37,130,157,196],"their":[23],"victims.":[24],"Due":[25],"large":[28],"volume":[29],"such":[31],"malicious":[32],"scripts,":[33],"detection":[34,80,85],"systems":[35],"rely":[36],"static":[38,49,78],"analyses":[39],"quickly":[41],"process":[42],"vast":[44],"majority":[45],"samples.":[47,163],"These":[48],"approaches":[50],"are":[51],"not":[52],"infallible":[53],"though":[54],"and":[55,90,97,120,123,155,240],"lead":[56],"misclassifications.":[58],"Also,":[59],"they":[60],"lack":[61],"semantic":[62,121],"information":[63],"go":[65],"beyond":[66],"purely":[67],"syntactic":[68],"approaches.":[69],"In":[70,146],"this":[71],"paper,":[72],"we":[73,137,153,168,246],"propose":[74],"JStap,":[75],"a":[76,139,193,219],"modular":[77],"JavaScript":[79],"system,":[81],"which":[82,152],"extends":[83],"capability":[86],"existing":[88,150],"lexical":[89],"AST-based":[91],"pipelines":[92],"by":[93],"also":[94,169],"leveraging":[95],"control":[96],"data":[98],"flow":[99],"information.":[100],"Our":[101],"detector":[102],"is":[103],"composed":[104],"ten":[106],"modules,":[107,245],"including":[108],"five":[109],"ways":[111,125],"abstracting":[113],"code,":[114],"with":[115,187,207],"differing":[116],"levels":[117],"context":[119],"information,":[122],"two":[124],"extracting":[127],"features.":[128],"Based":[129],"frequency":[132],"these":[134],"specific":[135],"patterns,":[136],"train":[138],"random":[140],"forest":[141],"classifier":[142],"for":[143],"each":[144],"module.":[145],"practice,":[147],"JStap":[148,214],"outperforms":[149],"systems,":[151],"reimplemented":[154],"tested":[156],"our":[158,185,204,244,248],"dataset":[159,186,206],"totaling":[160],"over":[161,210],"270,000":[162],"To":[164],"improve":[165],"detection,":[167],"combine":[170],"predictions":[172],"several":[174],"modules.":[175],"A":[176],"first":[177],"layer":[178],"unanimous":[180],"voting":[181],"classifies":[182],"93%":[183],"an":[188,197,208],"accuracy":[189,209],"99.73%,":[191],"while":[192],"second":[194],"layer-based":[195],"alternative":[198],"modules'":[199],"combination-labels":[200],"another":[201],"6.5%":[202],"initial":[205],"99%.":[211],"This":[212],"way,":[213],"can":[215],"be":[216],"used":[217],"as":[218],"precise":[220],"pre-filter,":[221],"meaning":[222],"that":[223],"it":[224],"would":[225],"only":[226],"need":[227],"forward":[229],"less":[230],"than":[231],"1%":[232],"samples":[234],"additional":[236],"analyses.":[237],"For":[238],"reproducibility":[239],"direct":[241],"deployability":[242],"make":[247],"system":[249],"publicly":[250],"available.1":[251]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":9},{"year":2024,"cited_by_count":16},{"year":2023,"cited_by_count":13},{"year":2022,"cited_by_count":7},{"year":2021,"cited_by_count":13},{"year":2020,"cited_by_count":4}],"updated_date":"2026-04-28T14:05:53.105641","created_date":"2019-09-05T00:00:00"}