Method and system for detecting large-scale malicious web pages

A malicious web page detection method and system, applied in the field of computer security, that addresses the lack of continuous operation and the low analysis efficiency of existing approaches, and achieves high analysis efficiency and convenient, efficient updating.

Inactive Publication Date: 2010-04-07
PEKING UNIV

AI Technical Summary

Problems solved by technology

Through traditional deployment, a virtual host node implements a sandbox environment, and only a single task can be run at the same

Examples

Embodiment approach

[0076] Following the technical method described in the summary of the invention, we have implemented a large-scale web Trojan detection and analysis environment. The specific implementation is described below with reference to the accompanying drawings:

[0077] 1) Implementation strategy of the detection server layer:

[0078] a) Deployment of analysis node clusters: Currently, our system uses 64-bit servers to build analysis node clusters. Each server hosts 8 virtual host analysis nodes, which form an analysis node cluster, and each node runs 10 parallel sandboxes, so a single server can analyze 80 URLs in parallel;

[0079] b) Distribution of analysis nodes: When the environment of the analysis nodes needs to be updated, the analysis node distribution module can be started and run by remote control, the initial image of the analysis nodes can be obtained through FTP, and the virtual machine copy written by the API interface provided by the virtual...

Abstract

The invention discloses a method and a system for detecting large-scale malicious web pages using a three-layer parallel architecture and a layered control and safeguarding method. In the first layer, a plurality of detection servers interconnected via a network are arranged in parallel to construct a detection server cluster, and a task set to be analyzed is set up on one detection server. In the second layer, a plurality of analysis nodes are arranged in parallel in each detection server, and a node cluster monitoring module is provided to monitor the operating condition of the analysis nodes. In the third layer, sandbox environments are constructed in parallel in each analysis node, so that the tasks to be analyzed are detected in parallel. The architecture keeps the detection servers, and likewise the analysis nodes, mutually independent and self-maintaining: the overall operation of the system is unaffected by dynamic expansion of the number of physical hosts and nodes, and its overall function is not affected by the failure of a single analysis node. Multiple tasks can be detected in parallel at the same time within the same node, which improves the analysis efficiency of the system.
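The scheduling behaviour the abstract describes (a shared task set, node clusters with a monitor, parallel sandbox slots, and tolerance of a single node failure) can be sketched as a small simulation. This is an added example, not code from the patent: the class and function names are hypothetical, the sandbox verdict is supplied by the caller, and only the figures of 8 nodes per server and 10 sandboxes per node come from the embodiment.

```python
from collections import deque

NODES_PER_SERVER = 8      # figure from the embodiment
SANDBOXES_PER_NODE = 10   # figure from the embodiment

class AnalysisNode:
    """Layer 2: a virtual-host node holding layer-3 sandbox slots."""
    def __init__(self, name):
        self.name, self.alive, self.running = name, True, []

    def free_slots(self):
        return SANDBOXES_PER_NODE - len(self.running) if self.alive else 0

class DetectionServer:
    """Layer 1 member: owns one node cluster and its monitor."""
    def __init__(self, name):
        self.nodes = [AnalysisNode(f"{name}-n{i}") for i in range(NODES_PER_SERVER)]

    def monitor(self, queue):
        """Re-queue URLs held by failed nodes, then bring the nodes back."""
        requeued = 0
        for node in self.nodes:
            if not node.alive:
                queue.extendleft(reversed(node.running))
                requeued += len(node.running)
                node.running, node.alive = [], True  # stands in for re-imaging
        return requeued

def dispatch(servers, queue):
    """Fill every free sandbox slot from the shared task set."""
    for server in servers:
        for node in server.nodes:
            while queue and node.free_slots() > 0:
                node.running.append(queue.popleft())

def run(urls, analyze, n_servers=1, fail_node=None):
    """Drain the task set in rounds; fail_node=(server, node) dies in round 0."""
    servers = [DetectionServer(f"s{i}") for i in range(n_servers)]
    queue, verdicts, rounds = deque(urls), {}, 0
    while queue:
        dispatch(servers, queue)
        if fail_node is not None and rounds == 0:
            servers[fail_node[0]].nodes[fail_node[1]].alive = False
        for server in servers:
            server.monitor(queue)
            for node in server.nodes:
                for url in node.running:
                    verdicts[url] = analyze(url)  # caller-supplied sandbox verdict
                node.running = []
        rounds += 1
    return verdicts, rounds
```

With 160 constructed URLs, one server finishes in two rounds; failing one node in the first round costs one extra round, and every URL still receives a verdict.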

Description

Technical field

[0001] The invention belongs to the field of computer security and proposes a large-scale malicious web page detection method and system. It adopts a three-layer parallel architecture with a layered monitoring and safeguarding strategy, and combines virtual host technology with parallel sandbox technology to build a large-scale, continuously running automated analysis environment that dynamically detects web Trojan threats contained in web pages.

Background technique

[0002] At present, the Internet has become an important channel for spreading malicious programs. According to the "Statistical Report on Internet Development in China" issued by the China Internet Network Information Center (CNNIC) in January 2008, the number of Internet users in China has exceeded 200 million, and Internet users will increasingly rely on the World Wide Web in their daily lives. At the same time, China's Internet resources are also growing rapidly, and the annual gro...

Application Information

IPC(8): G06F21/22, G06F17/30, G06F9/445, H04L29/06, H04L12/24, G06F21/53, G06F21/56
Inventor: 梁知音, 龚晓锐, 韦韬, 宋程昱, 武新逢, 韩心慧, 诸葛建伟, 邹维
Owner PEKING UNIV