
Detection of drive-by downloads based on dynamic page views (cited by: 8)
Abstract: Drive-by downloads hide themselves by generating inline links dynamically and by obfuscating their code. To counter these hiding mechanisms, a drive-by download detection method based entirely on the dynamic page view was developed. The method is built around a script execution engine, to which specific anti-obfuscation and inline-link identification mechanisms are added. It executes the scripts in a page dynamically on top of a degree of document object model (DOM) emulation, recursively analyzes the inline pages to rebuild the dynamic page view of the visited page, and then performs drive-by download detection on the rebuilt dynamic page view. A prototype system was implemented on the framework of the open-source tool PHoneyC and tested on 89 drive-by download samples. The results show that this method has a detection rate of 70.8%, higher than the 29.2% of the single-page method and the 43.8% of the static-page-view method.

Authors: ZHANG Huilin (张慧琳)1,2, ZHUGE Jianwei (诸葛建伟)1,2, SONG Chengyu (宋程昱)1,2, HAN Xinhui (韩心慧)1,2, ZOU Wei (邹维)1,2 (1. Institute of Computer Science and Technology, Peking University, Beijing 100871, China; 2. Key Laboratory of Network and Software Security Assurance of Ministry of Education, Peking University, Beijing 100871, China)

Source: Journal of Tsinghua University (Science and Technology), 2009, Issue S2, pp. 2126-2132 (7 pages). Indexed in: EI, CAS, CSCD, PKU Core.

Funding: Information Security Special Project of the National Development and Reform Commission (Gaoji [2007] No. 2035); Specialized Research Fund for the Doctoral Program of Higher Education (200800011019); National "863" High-Tech Program (2006AA01Z410)

Keywords: computer network security; drive-by download; inline linking; dynamic page view; document object model (DOM)

References (15)

  • 1 WANG Yimin, Beck D, JIANG Xuxian, et al. Automated web patrol with strider honeymonkeys: Finding web sites that exploit browser vulnerabilities. Proc 13th Network and Distributed System Security Symposium (NDSS 06). 2006
  • 2 Moshchuk A, Bragin T, Gribble S, et al. A crawler-based study of spyware in the web. Proc 13th Network and Distributed System Security Symposium (NDSS 06). 2006
  • 3 Seifert C, Welch I, Komisarczuk P. HoneyC: The low-interaction client honeypot. Proc 2007 NZCSRCS. 2007
  • 4 Nazario J. PHoneyC: A virtual client honeypot. 2nd USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET 09). 2009
  • 5 Mozilla. What is SpiderMonkey? http://www.mozilla.org/js/spidermonkey/. 2009
  • 6 Python Software Foundation. sgmllib—Simple SGML parser. http://www.python.org/doc/2.6/library/sgmllib.html. 2009
  • 7 Wikimedia Foundation. Simple API for XML. http://en.wikipedia.org/wiki/Simple_API_for_XML. 2009
  • 8 Alexa Internet. Top Sites in China. http://www.alexa.com/topsites/countries/CN. 2009
  • 9 Day O, Palmen B, Greenstadt R. Reinterpreting the disclosure debate for web infections. Proc Seventh Workshop on the Economics of Information Security (WEIS 2008). 2008
  • 10 Polychronakis M, Mavrommatis P, Provos N. Ghost turns zombie: Exploring the life cycle of Web-based malware. 1st USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET 08). 2008
