2015-计算机学报-恶意网页识别研究综述.docxVIP

恶意网页识别研究综述沙泓州1),3), 刘庆云2), 柳厅文2), 周舟2), 郭莉2), 方滨兴1),2)1)(北京邮电大学计算机学院, 北京 100876)2)(中国科学院信息工程研究所, 北京 100093)3)(信息内容安全技术国家工程实验室, 北京 100093)摘 要近年来，随着互联网的迅速发展以及网络业务的不断增长，恶意网页给人们的个人隐私和财产安全造成的威胁日趋严重。恶意网页识别技术作为抵御网络攻击的核心安全技术，可以帮助人们有效避免恶意网页引起的安全威胁，确保网络安全。文中从理论分析和方法设计两方面介绍了恶意网页识别的最新研究成果。在理论分析层面，从恶意网页的基本概念和形式化定义出发，对恶意网页识别的应用场景、基本框架及评价方法进行全面的归纳，并总结了恶意网页识别的理论依据及性能评价指标。在方法设计方面，对具有影响力的恶意网页识别方法进行了介绍和归类，对不同类别的识别方法进行了定性分析和横向比较。在总结恶意网页识别的研究现状的基础上，从客观环境的变化以及逃逸技术的升级两方面深入探讨当前恶意网络识别面临的技术挑战。最后总结并展望了恶意网页识别的未来发展方向。关键词恶意网页识别；网页分类；机器学习；逃逸技术中图法分类号TP393.8DOI号*投稿时不提供DOI号* 分类号Survey on Malicious Webpage Detection ResearchSHA Hong-Zhou1),3), LIU Qing-Yun2), LIU Ting-Wen2) , ZHOU Zhou2), GUO Li2), FANG Bin-Xin1),2)1)( Department of Computer Science, Beijing University of Posts and Telecommunications, Beijing, 100876, China)2)( Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China)3)( National Engineering Laboratory for Information Security Technology, Beijing 100093, China)Abstract In recent years, with the rapid development of Internet and the increasing growth of network services and security needs, the existence of malicious web pages have become a much more serious problem for personal privacy and property safety. As one of the key technologies to resist network attacks, the detection techniques for malicious web pages can effectively help people avoid potential security threats and thus ensure the network security. In this paper, we describe the latest research achievements from theory to practice. It starts from the introduction of the formal definition of malicious web pages, and followed by concluding the detection techniques’ application scenarios, basic framework and evaluation principles. Then, it introduces several typical detection schemes, classifies them into categories, and finally puts them to a horizontal comparison. Based on the understanding of the research status in malicious web page detection schemes, this paper presents an in-depth dis