
A lightweight JavaScript-based anomaly detection method for malicious Web pages (cited by: 8)

Lightweight method for detecting JavaScript-based malicious Web pages
Abstract: To detect malicious Web pages efficiently, a lightweight analysis method based on basic-word features of JavaScript code is proposed. First, a crawler fetches the full source code of a page, and the JavaScript code is extracted from it. Next, all of the JavaScript code is represented using self-defined basic words. Finally, three machine learning algorithms, K-nearest neighbor (K-NN), principal component analysis (PCA) and one-class support vector machine (One-class SVM), are used to detect malicious Web pages in an anomaly detection mode. Experimental results show that the detection time overhead of each algorithm is small. With PCA, the detection system achieves a detection rate of 90% at a false positive rate of 1%, and its average effective detection speed for Web pages reaches 250 s⁻¹.
Source: Journal of Huazhong University of Science and Technology (Natural Science Edition), 2014, No. 11, pp. 34-38 (5 pages). Indexed in: EI, CAS, CSCD, PKU Core Journals.
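Funding: Program for Innovative Research Team in University, Ministry of Education (IRT201206); Specialized Research Fund for the Doctoral Program of Higher Education (20120009110007, 20120009120010); Fundamental Research Funds for the Central Universities (2012JBZ010, 2013JBM025).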
Keywords: anomaly detection; malicious Web pages; principal component analysis; Web security; machine learning

References (1)

  • 1 Chih-Chung Chang, Chih-Jen Lin. LIBSVM[J]. ACM Transactions on Intelligent Systems and Technology (TIST), 2011(3).
