
Web page malicious code detection based on embedded fingerprints

Cited by: 5
Abstract: Web sites have become the main targets of attackers. Detecting malicious code in Web pages by code signatures requires maintaining a large signature database, while Honeypot-based methods are inefficient. When attackers embed malicious code in a Web page, they usually make it hard for visitors to notice in the rendered page. This paper designs a detection method around that property: based on an analysis of the various ways malicious code is embedded, it identifies 6 types of embedding fingerprints and implements a prototype system. The prototype uses a Web crawler with script interpretation and execution to fetch target pages, obtains the tags to be checked through HTML parsing, and matches them against the embedding fingerprints to find malicious code. Compared with traditional detection methods, it relies on fewer fingerprints and detects more efficiently. Detection results on 60 real sites show that the prototype system has a false negative rate of only 2.63% and a false positive rate of 1.99%.
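Authors: 黄建军 (Huang Jianjun), 梁彬 (Liang Bin)
Source: Journal of Tsinghua University (Science and Technology), 2009, Issue S2, pp. 2208-2214 (7 pages). Indexed in: EI, CAS, CSCD, Peking University Core Journals.
Funding: National Natural Science Foundation of China (60873213); Beijing Natural Science Foundation (4082018); National "863" High-Tech Program (2007AA01Z414)
Keywords: Web page malicious code; detection; embedding fingerprints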