基于内容的网页恶意代码检测的研究与实现-信息安全专业论文.docxVIP

华中科技大学硕士学位论 华 中 科 技 大 学 硕 士 学 位 论 文 II II Abstract In recent years, malwares, including worms, Trojans and botnets, always threat to Internet security. As the growing popularity of WEB2.0 and cloud computing, more and more applications provide WEB-based services, there have been trends of browser OS. Exploiting browser vulnerabilities and plug- in vulnerabilities has replaced exploiting vulnerabilities in operating systems and applications. Web malicious code has become the main way of attack and spreading of malware and an important part of the underground economy. Malicious web page is the page that contains malicious content which spreads virus, Trojan, etc. Included malicious content, which is always called web Trojan, essentially is not a Trojan. It’s the malicious code spreading by webpage, generally written in JavaScript, VBScript or other scripting language, usually obfuscated in various ways to escape detection. By exploiting vulnerabilities in browsers or plug- ins, webpage malicious code can download and run malware, such as adware, Trojan, viruses, etc. Users could be attacked even when they visit a seemingly benign website since benign web page could have been injected with malicious code. Various tactics are used in order to evade detection by AV scanner, for example, encryption and polymorphism. Traditional detection system has a high false negative rate. Therefore, more and more attackers utilize Internet to spread malware. Detections techniques are usually classified into static detection (based on page content or URL), dynamic detection (based on browsing behavior), and a combination of both. Traditional static detection method is simple, but difficult to deal with code obfuscation, which lead to a high false negative rate and false positive rate. Therefore, many existing systems use the dynamic detection approach, that is, run scripts of a webpage in a real browser in a virtual machine environment, monitor the execution for malicious activity. Wh