
Detection and analysis of malicious JavaScript code based on pre-filter (cited by: 3)
Abstract: Malicious Web pages that host drive-by-download exploits have become a popular means of compromising hosts and creating botnets on the Internet. In drive-by-download exploits, attackers embed malicious JavaScript code into a Web page. When a victim visits the page, the script executes and attempts to compromise the browser or one of its plugins. This paper proposes JSFEA, a pre-filter-based method for detecting and analyzing malicious JavaScript code that is suited to large-scale Web page detection. JSFEA uses static analysis to quickly scan a Web page and determine whether it is suspicious; only pages judged suspicious are passed on to dynamic detection. Experiments show that JSFEA has a low false positive rate on malicious Web pages and reduces the number of pages sent to the more costly dynamic analysis by more than 85%, greatly improving the efficiency of large-scale malicious Web page detection.
Source: Journal of Computer Applications (《计算机应用》), CSCD, Peking University Core Journal, 2015, Issue A01, pp. 60-62, 85 (4 pages)
Keywords: malicious Web page; JavaScript code; drive-by download exploits; static detection; dynamic detection