Enhanced Approach to Detect Malicious VBScript Files Based on Data Mining Techniques

Script-based malware has been used profusely in last years. It is not only provides malware writers with traditional capabilities of File-based malware but also, increases the evasion techniques by deploying different easy methods of script obfuscation techniques. Moreover, according to McAfee Labs Threat Report, Script-based malwares were used to hit healthcare sector in 2017. Healthcare accounted for more than 26 percent of the 52 million new cyber incidents in the second quarter of 2017. In this paper, new detection features have been added to Wael et. al's algorithm in order to improve the detection ratio and decrease the false positive results. The proposed algorithm is used to detect malicious scripts specifically for VBScript files. It is based on machine learning techniques and static analysis of the defined features. Experimental results show that the suggested algorithm can achieve 98% detection ratio. (C) 2018 The Authors. Published by Elsevier Ltd.