Adversarially Robust and Interpretable Magecart Malware Detection
Pedro Pereira, José Gouveia, João Vitorino, Eva Maia, Isabel Praça
TL;DR
This work tackles Magecart detection by coupling machine learning with a behavior-based Deterministic Finite Automaton (DFA) to capture both structural and temporal patterns in client-side JavaScript. A 103-feature dataset, derived from Behavioral DFA outputs and behavioral/contextual features, underpins a grid-searched, hyperparameter-tuned evaluation of diverse models, with 60 features selected by random-forest importance. The authors assess robustness under adversarial evasion using ART and A2PM, and they propose a hybrid interpretability pipeline that combines SHAP attributions, DFA reasoning, and an LLM (LLaMA-4 Scout) to produce accessible explanations. Results indicate that SVM offers the best overall performance and resilience in adversarial settings, while the explainability framework enhances transparency for security analysts, supporting practical deployment in real-world web environments and informing future extensions to broader JavaScript threats.
Abstract
Magecart skimming attacks have emerged as a significant threat to client-side security and user trust in online payment systems. This paper addresses the challenge of achieving robust and explainable detection of Magecart attacks through a comparative study of various Machine Learning (ML) models with a real-world dataset. Tree-based, linear, and kernel-based models were applied, further enhanced through hyperparameter tuning and feature selection, to distinguish between benign and malicious scripts. Such models are supported by a Behavior Deterministic Finite Automaton (DFA) which captures structural behavior patterns in scripts, helping to analyze and classify client-side script execution logs. To ensure robustness against adversarial evasion attacks, the ML models were adversarially trained and evaluated using attacks from the Adversarial Robustness Toolbox and the Adaptative Perturbation Pattern Method. In addition, concise explanations of ML model decisions are provided, supporting transparency and user trust. Experimental validation demonstrated high detection performance and interpretable reasoning, showing that traditional ML models can be effective in real-world web security contexts.
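To make the idea of a behavior DFA over script execution logs concrete, the following is an added example, not the automaton or code from the paper. The states, input symbols, event schema, field names and hostnames are all assumptions chosen for illustration; the returned dictionary shows the kind of DFA-derived values that could feed a feature vector.

```python
# Added illustration: states, symbols and event names are assumptions,
# not the automaton or log schema used in the paper.
SENSITIVE_FIELDS = {"card_number", "cvv", "expiry"}

# Transition table; any (state, symbol) pair not listed keeps the current state,
# which makes the automaton total and deterministic.
TRANSITIONS = {
    ("START", "READ_PAY"): "READ",
    ("READ", "ENCODE"): "ENCODED",
    ("READ", "SEND_3P"): "EXFIL",
    ("ENCODED", "SEND_3P"): "EXFIL",
}

def to_symbol(event, first_party_hosts):
    """Map one raw log event (action, target) to a DFA input symbol."""
    action, target = event
    if action == "read_field" and target in SENSITIVE_FIELDS:
        return "READ_PAY"
    if action == "encode":
        return "ENCODE"
    if action == "net_send":
        return "SEND_1P" if target in first_party_hosts else "SEND_3P"
    return "OTHER"

def run_dfa(events, first_party_hosts):
    """Replay one script's events in order and return DFA-derived features."""
    state, changes, exfil_step = "START", 0, -1
    for i, event in enumerate(events):
        nxt = TRANSITIONS.get((state, to_symbol(event, first_party_hosts)), state)
        if nxt != state:
            changes += 1
            if nxt == "EXFIL":
                exfil_step = i  # index of the event that completed the pattern
        state = nxt
    return {"final_state": state, "state_changes": changes,
            "reached_exfil": int(state == "EXFIL"), "exfil_step": exfil_step}

# Constructed sample logs (not from the paper's dataset).
FIRST_PARTY = {"shop.example", "pay.shop.example"}
BENIGN_LOG = [("read_field", "card_number"), ("read_field", "cvv"),
              ("net_send", "pay.shop.example")]
SUSPICIOUS_LOG = [("dom_listen", "submit"), ("read_field", "card_number"),
                  ("encode", "base64"), ("net_send", "cdn.collector.example")]

if __name__ == "__main__":
    print(run_dfa(BENIGN_LOG, FIRST_PARTY))
    print(run_dfa(SUSPICIOUS_LOG, FIRST_PARTY))
```

Because the automaton is order-sensitive, a third-party request that happens before any payment field is read does not advance the state, which is the temporal aspect a flat event count would miss.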
