This repository contains Dennis Salzmann's reimplementation of the concept presented by Rieck et al. with Cujo (static part only). Please note that in its current state, the code is a Poc and not a fully-fledged production-ready API.

In our reimplementation, we combined a lexical analysis of JavaScript inputs with machine learning algorithms to automatically and accurately detect malicious samples.

jassi installation:

cd src
git clone https://github.com/rieck/jassi.git
cd jassi
./bootstrap
./configure
make
cd ../..

python3 installations:

install python3
install python3-pip
pip3 install -r requirements.txt

To build a model from the folders BENIGN and MALICIOUS, containing JS files, use the option -ti BENIGN MALICIOUS and add their corresponding ground truth with -tc benign malicious. To save the model in the MODEL path, use the option --save_model MODEL:

$ python3 src/main.py -ti  BENIGN MALICIOUS -tc benign malicious --save_model MODEL

The process is similar for the classification process. To classify JS samples from the folders BENIGN2 and MALICIOUS2, use the option -ai BENIGN2 MALICIOUS2. Add their corresponding ground truth with the option -ac benign malicious. To load an existing model MODEL to be used for the classification process, use the option --load_model MODEL:

$ python3 src/main.py -ai  BENIGN2 MALICIOUS2 -ac benign malicious --load_model MODEL

This project is licensed under the terms of the AGPL3 license, which you can find in LICENSE.