Traditional JavaScript malware detection methods suffer from low accuracy, poor interpretability, and weak adaptability to zero-day threats due to the increasing sophistication and rapid proliferation of obfuscated and polymorphic variants. To address these challenges, this paper proposes a fine-grained detection approach based on weighted behavioral Deterministic Finite Automata (DFA). It models malicious behavioral patterns in JavaScript execution sequences and constructs the first behavior-aware DFA capable of dynamically matching both exact and partially similar malicious sequences. By integrating behavior-weighted modeling with real-time execution monitoring, the method enables interpretable classification into benign, partially malicious, and fully malicious behaviors. Evaluated on 1,058 real-world JavaScript execution sequences, the approach significantly improves zero-day variant detection rates while maintaining high precision and decision transparency.

This work addresses JavaScript malware detection to enhance client-side web application security with a behavior-based system. The ability to detect malicious JavaScript execution sequences is a critical problem in modern web security as attack techniques become more sophisticated. This study introduces a new system for detecting JavaScript malware using a Deterministic Finite Automaton (DFA) along with a weighted-behavior system, which we call behavior DFA. This system captures malicious patterns and provides a dynamic mechanism to classify new sequences that exhibit partial similarity to known attacks, differentiating them between benign, partially malicious, and fully malicious behaviors. Experimental evaluation on a dataset of 1,058 sequences captured in a real-world environment demonstrates the capability of the system to detect and classify threats effectively, with the behavior DFA successfully identifying exact matches and partial similarities to known malicious behaviors. The results highlight the adaptability of the system in detecting emerging threats while maintaining transparency in decision making.