The invention relates to a hybrid-analysis-based method for recognizing and deobfuscating malicious JavaScript code in web pages. The method comprises the following steps: first, collecting the source code of relevant web pages and extracting the malicious JS files in that source code together with the malicious JS code embedded in HTML documents; second, constructing an abstract syntax tree in the syntax analysis stage and representing its nodes as ordinary JS objects for program analysis and feature extraction; third, instrumenting the JS code by rewriting the basic operations that need to be monitored at run time, dynamically monitoring state and information during JS execution, and extracting the execution trace and run-time dynamic feature information; fourth, converting the dynamic and static features into feature vectors and training a malicious JS code recognition model based on the random forest algorithm; and finally, using the dynamic instrumentation method to monitor and record operations related to memory overwriting, so that obfuscated malicious JS code is effectively deobfuscated.
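The instrumentation and deobfuscation steps described above can be sketched as follows. This is an added example, not code from the patent: the `analyze` function, the choice of hooked operations (`eval`, `unescape`, `document.write`), the four-element feature vector and the benign `SAMPLE` are all assumptions made for illustration.

```javascript
// Constructed, benign two-layer sample:
// eval(String.fromCharCode(...)) -> eval(unescape(...)) -> document.write(...)
const INNER = 'document.write("<p>hello</p>")';
const LAYER1 = 'eval(unescape("' + escape(INNER) + '"))';
const SAMPLE = 'eval(String.fromCharCode(' +
  Array.from(LAYER1, c => c.charCodeAt(0)).join(',') + '))';

function analyze(source) {
  const trace = [];   // ordered execution trace of monitored operations
  const layers = [];  // every string handed to eval: the code after each unpacking step
  let depth = 0, maxDepth = 0;
  const record = (op, arg) => trace.push({ op, depth, arg: String(arg) });

  // Rewritten versions of the operations being monitored (hypothetical hook set).
  const hooks = {
    unescape(s) { record('unescape', s); return unescape(s); },
    document: { write(html) { record('document.write', html); } },
    eval(code) {
      record('eval', code);
      if (typeof code !== 'string') return code; // real eval returns non-strings unchanged
      layers.push(code);
      depth += 1; maxDepth = Math.max(maxDepth, depth);
      try { return run(code); } finally { depth -= 1; }
    },
  };

  // Shadow the monitored names with function parameters so the sample hits the hooks.
  // Simplification: this is name shadowing, not isolation, and the hooked eval does not
  // return completion values; run real samples only inside a disposable analysis VM.
  function run(code) {
    return new Function('eval', 'unescape', 'document', code)(
      hooks.eval, hooks.unescape, hooks.document);
  }
  run(source);

  const count = (op) => trace.filter(t => t.op === op).length;
  return {
    trace,
    layers,
    payload: layers.length ? layers[layers.length - 1] : source, // innermost recovered code
    // Dynamic features: [eval calls, unescape calls, document.write calls, eval nesting depth]
    vector: [count('eval'), count('unescape'), count('document.write'), maxDepth],
  };
}

const result = analyze(SAMPLE);
console.log(result.trace.map(t => t.op).join(' > '), result.vector);
console.log('recovered:', result.payload);
```

The `vector` array is the kind of dynamic feature row that would be combined with static AST features before training the classifier; `payload` is the code recovered after the last unpacking step.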