Research Article
A Combined Static and Dynamic Analysis Approach to Detect Malicious Browser Extensions
Table 2
All the 51 features and the relevant importance scores.
| Serial number | Feature | Score |
| | All http domains | 0.0107 | | All https domains | 0.0104 | | webRequest | 0.0115 | | webRequestBlocking | 0.0113 | | Tabs | 0.011 | | Storage | 0.0103 | | Notifications | 0.011 | | Cookies | 0.0111 | | Management | 0.0103 | | contextMenus | 0.0103 | | Whitespace percentage | 0.0197 | | Average line length | 0.0116 | | Specific characters | 0.0197 | | Word size | 0.0115 | | String entropy | 0.0181 | | Code generation functions | 0.0319 | | DOM change methods | 0.0209 | | Event handlers | 0.0733 | | HTTP scripts | 0.0367 | | Modification callbacks | 0.0428 | | XMLHttpRequests | 0.0423 | | Keyword density | 0.0193 | | Suspicious objects | 0.0296 | | XSS attack vectors | 0.028 | | Iframe tags | 0.0121 | | Form tags | 0.0113 | | Background-image properties | 0.0102 | | Behaviour properties | 0.01 | | @import rules | 0.0108 | | management.uninstall | 0.0297 | | tabs.remove | 0.0203 | | webRequest callbacks | 0.0689 | | onBeforeRequest callbacks | 0.0359 | | tabs.query | 0.0247 | | createElement | 0.0187 | | createElementNS | 0.0108 | | appendChild | 0.0184 | | getElementById | 0.0103 | | getElementsByClassName | 0.0108 | | getElementsByTagName | 0.0103 | | navigator | 0.0112 | | location | 0.0112 | | GET and POST methods | 0.0111 | | Other methods | 0.0174 | | Requests to script files | 0.0336 | | 2xx status codes | 0.0167 | | 3xx status codes | 0.0107 | | 4xx status codes | 0.0103 | | Other status codes | 0.0101 | | avg request substring length | 0.0223 | | avg number of query parameters | 0.0183 |
|
|