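Abstract
Web sites have become a primary target for attackers. Detecting malicious code in Web pages by code signatures requires heavy maintenance of the signature database, while Honeypot-based methods are inefficient. When attackers embed malicious code in a Web page, they usually make it hard for visitors to notice in the rendered page. This paper designs a detection method around that characteristic: based on an analysis of various methods of embedding malicious code, it summarizes 6 embedding fingerprints and implements a prototype system. The prototype system implements a Web crawler with script interpretation and execution to fetch target pages, obtains the tags to be examined through HTML parsing, and matches them against the embedding fingerprints to find malicious code. Compared with traditional detection methods, this method relies on fewer fingerprints and detects more efficiently. Detection results for 60 real sites show that the prototype system has a false negative rate of only 2.63% and a false positive rate of 1.99%.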
Web sites have become the main targets of many attackers. Signature-based detection needs to maintain a large signature database and Honeypot-based methods are not efficient. Since attackers always make the malicious codes in Web pages difficult to detect by the browser users, their methods can be classified into various fingerprints. Various malicious codes were analyzed to identify 6 types of fingerprints. The system utilizes a spider integrated with script interpretation to fetch target Web pages and extract specific tags for detection by HTML parsing for matching with the fingerprints to detect malicious codes. This method needs fewer fingerprints than traditional detection methods and is more efficient. Results for 60 websites show that the system has a false negative rate of 2.63% and a false positive rate of 1.99%.
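The tag-matching step described in the abstract, sketched as an added example that is not the paper's code: it parses static HTML and flags content-loading tags that are rendered invisibly. The abstract does not list the six fingerprints, so the two heuristics here (zero-size and hidden-style), the watched tag set, and the sample page are assumptions; the script-interpreting crawler is not reproduced.

```python
import re
from html.parser import HTMLParser

# Assumed heuristics; the paper's six fingerprints are not given in the abstract.
WATCHED = {"iframe", "frame", "object", "embed"}
ZERO = re.compile(r"^\s*0+(\.0+)?\s*(px|%)?\s*$", re.I)
HIDDEN_CSS = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|"
    r"(?:^|;)\s*(?:width|height)\s*:\s*0+(?:\.0+)?(?:px|%)?\s*(?:;|$)", re.I)


class HiddenTagFinder(HTMLParser):
    """Collects (tag, source, reason) for watched tags that load content invisibly."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in WATCHED:
            return
        a = {k: (v or "") for k, v in attrs}
        src = a.get("src") or a.get("data") or ""
        if not src:
            return  # nothing is loaded, so nothing to report
        reasons = []
        if any(ZERO.match(a[k]) for k in ("width", "height") if k in a):
            reasons.append("zero-size")
        if HIDDEN_CSS.search(a.get("style", "")):
            reasons.append("hidden-style")
        if reasons:
            self.findings.append((tag, src, "+".join(reasons)))


def scan(html):
    """Return the findings for one page of HTML text."""
    finder = HiddenTagFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample page (not from the paper's data set).
SAMPLE = """<html><body>
<iframe src="http://example.invalid/a.html" width="0" height="0"></iframe>
<iframe src="/news/widget.html" width="600" height="400"></iframe>
<iframe src="http://example.invalid/b.html" style="display:none"></iframe>
<embed src="/media/intro.swf" width="320" height="240">
<div style="display:none">menu</div>
</body></html>"""

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Tags written into the page by script at load time are invisible to this static pass, which is the gap the paper's script-interpreting crawler addresses.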
Source
Journal of Tsinghua University (Science and Technology)
EI
CAS
CSCD
Peking University Core Journal
2009, Issue S2, pp. 2208-2214 (7 pages)
Funding
National Natural Science Foundation of China (60873213)
Beijing Natural Science Foundation (4082018)
National "863" High-Tech Program (2007AA01Z414)
Keywords
Web pages malicious codes
detection
embedding fingerprints