Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Method for detecting web page Trojan horse based on program execution characteristics

A web Trojan horse and program execution technology, applied in the field of computer security, can solve the problems of system detection speed slowdown, false detection, and inability to detect whether a web page is a hanging horse web page, etc., so as to reduce the missed detection rate, false detection rate, and detection speed. improved effect

Inactive Publication Date: 2010-03-17
BEIJING INSTITUTE OF TECHNOLOGYGY
View PDF0 Cites 43 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0008] (1) This detection method needs to continuously update the feature database. However, as the feature database becomes larger and larger, the detection speed of the system will decrease.
[0009] (2) Because this detection method just carries out matching detection to webpage, does not analyze from Trojan horse operating mechanism angle, so when Trojan horse virus writer carries out random replacement to the characteristic string in the webpage of hanging horse, this detection method just can't Detect whether the webpage is a webpage that hangs horses, resulting in missed detection
For this case, this detection method will cause false detection

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method for detecting web page Trojan horse based on program execution characteristics

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0037] In today's network environment, there are a large number of websites with Trojan horses. In order to avoid the detection of mainstream detectors, Trojan horse manufacturers have made a series of careful modifications to the code of web pages containing Trojan horses to realize the detection of the functional codes of Trojan horses. Hiding, such as source-level deformation avoidance, variable name replacement, etc.

[0038] Therefore, at this time, simply relying on the feature library of the detector to detect web page Trojans will greatly increase the false negative rate. A webpage Trojan horse detection method based on program execution characteristics proposed by the present invention analyzes the webpage to be checked from the perspective of the operation mechanism of the webpage Trojan horse, rather than simple pattern matching, so it has certain intelligence. The specific implementation process is as follows figure 1 shown.

[0039] Specific embodiment: divided ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention belongs to the field of computer security, and relates to a method for detecting web page Trojan horse based on program execution characteristics, which comprises the following steps: using web crawlers to capture source codes of a web page; then obtaining a recognizable script program through multilevel decoding; carrying out disassembling processing on the script program to obtainassembled source codes while reserving the script program; then, judging whether a large number of filled invalid instructions, calling system level functions and obvious URL links exist in the sourcecodes; and finally detecting whether the Trojan horse exists in the web page through the assembled source codes in a deep level. Because most of the prior web pages with the Trojan horse are embeddedwith ShellCode, to execute the ShellCode in the web pages in a local computer, system vulnerability is needed to realize buffer overflow and enable the program to skip onto the ShellCode code segment. Thus, only by analyzing the condition of executing the ShellCode, and analyzing the source codes according to the execution characteristics, whether the web page to be detected is the web page Trojan horse can be quickly detected.

Description

technical field [0001] The invention belongs to the field of computer security and relates to a method for detecting a web page Trojan horse. Background technique [0002] Computer viruses, Trojan horses, spyware and malicious codes are the most important security threats faced by computer networks in recent years. Among the transmission paths of computer viruses, Trojan horses, spyware and malicious codes, besides spam, there is another important way to spread viruses and Trojan horses to the computers of users who visit the webpages by constructing special webpages. This special webpage mainly uses various loopholes in the operating system, browser, plug-in, etc. to spread executable malicious code to the user's computer for execution, or use the parser in the system and the execution authority of the control to execute the malicious code in the webpage. Malicious code runs automatically. Because the configuration and coding of these special webpages are relatively compl...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/00G06F17/30G06F21/56
Inventor 陶然李志勇蔡镇河王越杜华张昊
Owner BEIJING INSTITUTE OF TECHNOLOGYGY
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com