Real-time webpage Trojan detection method based on dynamic content analysis

A real-time web Trojan detection technology, applied in instrumentation, digital data processing, platform integrity maintenance, etc. It addresses the problems that obfuscation confuses a script's true intentions and that static analysis easily generates false negatives, and it overcomes these negative effects.

Inactive Publication Date: 2016-10-12
NANJING UNIV OF POSTS & TELECOMM

AI Technical Summary

Problems solved by technology

However, obfuscation techniques are often used to hide the true intent.

Embodiment Construction

[0028] The specific implementation of the present invention will be further described in detail in conjunction with the accompanying drawings.

[0029] The present invention provides an embodiment of real-time detection of web page Trojans based on dynamic content analysis. This embodiment is a method for detecting Drive-by Download attacks implemented by JavaScript scripts, that is, web page Trojan horse attacks. JavaScript dynamic analysis software, preferably Jalangi2, is used to instrument the JavaScript code in the web page; string operations are tracked and a series of relevant behavioral features are extracted while the code runs; a pre-trained classification model then classifies these features and judges whether the web page performs a web page Trojan horse attack.
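The string tracking described in [0029], sketched as an added example; it is not code from the patent and does not use Jalangi2's API. Instead of source instrumentation it hooks a few string-related functions, and the hooked functions, the feature names and the sample script are assumptions constructed for illustration.

```javascript
// Added illustration. The hooks stand in for the instrumentation a tool such as
// Jalangi2 would insert; the feature names are assumptions, not the patent's list.
function traceStringBehavior(scriptSource) {
  const f = { decodeCalls: 0, fromCharCodeCalls: 0, evalCalls: 0,
              writeCalls: 0, maxStringLen: 0, runtimeStrings: [] };
  // Record every string that only exists at run time.
  const seen = (s) => {
    f.maxStringLen = Math.max(f.maxStringLen, s.length);
    f.runtimeStrings.push(s);
    return s;
  };
  const hooks = {
    unescape: (s) => { f.decodeCalls++; return seen(unescape(s)); },
    String: Object.assign((v) => String(v), {
      fromCharCode: (...c) => { f.fromCharCodeCalls++; return seen(String.fromCharCode(...c)); },
    }),
    // Dynamically generated code is recorded, then run under the same hooks.
    eval: (code) => { f.evalCalls++; return run(seen(String(code))); },
    document: { write: (html) => { f.writeCalls++; seen(String(html)); } },
  };
  // The hooks shadow the real globals by being passed in as parameters.
  // This is tracing, not isolation: run samples only inside a disposable sandbox.
  function run(src) {
    const names = Object.keys(hooks);
    return new Function(...names, src)(...names.map((n) => hooks[n]));
  }
  run(scriptSource);
  return f;
}

// The order must match the order used when the classification model was trained.
function toFeatureVector(f) {
  return [f.decodeCalls, f.fromCharCodeCalls, f.evalCalls, f.writeCalls, f.maxStringLen];
}

// Constructed, harmless sample: the call it makes never appears literally in its source.
const SAMPLE = [
  'var a = unescape("%64%6f%63%75%6d%65%6e%74");',
  'var b = String.fromCharCode(46, 119, 114, 105, 116, 101);',
  'eval(a + b + "(\'<p>built at run time</p>\')");',
].join('\n');

const features = traceStringBehavior(SAMPLE);
console.log(SAMPLE.includes('document.write'), toFeatureVector(features));
```

A static search of `SAMPLE` for `document.write` finds nothing, while the trace records the decoded call in `runtimeStrings`; the resulting vector is what a trained classifier would consume.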

[0030] Step 1) Collect a certain number of malicious web pages as set M and benign web pages as set B to form the respective sample libraries.

[0031] Step 1.1) Obtain a certain number of top-ranked website homepages from Alexa to form a benign...

Abstract

The invention discloses a real-time detection method for web page Trojans based on dynamic content analysis. First, a sample library is formed and divided into a training set and a test set. The web pages are then instrumented (stubs are inserted) and run after instrumentation; string processing is dynamically tracked to extract a series of behavioral features, and at the same time the "heap operation risk index" is recorded. These features form a feature vector, and all feature vectors together make up the feature set of the sample library. Different classification algorithms are used to train classification models, and the model with the best classification result is selected as the detection model. Finally, the dynamic analysis software is run to instrument the web pages passing through the proxy server, the instrumented web pages to be tested are accessed, the relevant features are extracted dynamically, and the detection model is used to determine whether each page is a benign web page or a malicious web page containing a web Trojan. Compared with the static analysis method, the present invention has higher detection accuracy and can effectively resist code obfuscation technology.

Description

Technical field

[0001] The invention belongs to the field of computer malicious software detection or processing, and in particular relates to a webpage Trojan horse detection method based on dynamic content analysis.

Background technique

[0002] Web applications and services have become an integral part of the daily lives of modern people. JavaScript is a client-side scripting language often used for web application development and is widely used on the Internet because of the dynamic features it provides. At the same time, JavaScript also provides a huge convenience for spreading malware. Perpetrators of malicious behavior often use malicious JavaScript scripts to carry out Drive-by Download attacks on victims, that is, web page Trojan horses (literally translated as drive-by downloads). This attack method enables the system to download and execute malicious code without the user's knowledge when the user browses a specific web page, and eventually valuable sensitive in...

Application Information

IPC(8): G06F21/56
CPC: G06F21/566
Inventor: 张卫丰, 刘蕊成, 张迎周, 周国强, 王子元
Owner: NANJING UNIV OF POSTS & TELECOMM