自动下载行为检测

发布时间：2018-03-18 17:07

本文选题：恶意网页　切入点：恶意软件　出处：《计算机应用》2016年07期 　论文类型：期刊论文

【摘要】：目前,很多恶意网页仅利用常规的Web编程技术使得浏览器自动下载木马等恶意软件并诱骗用户执行。这种恶意行为被称为自动下载。浏览器中现有的防御机制并不能有效地识别这种攻击。针对此类恶意行为,提出了一种防御方法。该方法通过监控网页中能导致自动下载的操作,并在下载实际发生时判断是否由用户触发,来识别自动下载行为并加以阻断。此防御方法已经在Web Kit Gtk+2.8.0和Chromium 38.0.2113.1两个浏览器中实现,并进行了评估:两个检测防御系统针对现存的攻击样本均无误报和漏报,额外的性能开销分别为1.26%和7.79%。实验结果表明,该方法能够有效地监测并阻断自动下载攻击且性能开销较小。
[Abstract]:At present, many malicious web pages using only conventional Web programming technology makes the browser automatically download Trojans and other malicious software and trick users into execution. Such malicious behavior is called automatic download. The existing defense mechanisms can not be in the browser and effectively identify this attack. For such malicious behavior, put forward a kind of Defense method. This method can to automatically download operation by monitoring the web page, and determine whether it is triggered by a user in the actual download, to identify and block the automatic download behavior. This defense method has been implemented in the Web Kit Gtk+2.8.0 and Chromium 38.0.2113.1 two browser, and were evaluated: two according to the existing attack detection and defense system samples no false positives and false negatives, an additional performance overhead is 1.26% and 7.79%. respectively. The experimental results show that this method can effectively monitor and automatically download blocking attack The performance cost is small.

【作者单位】：中国人民大学信息学院;
【基金】：国家自然科学基金资助项目(61170240,91418206,61472429) 国家科技重大专项(2012ZX01039-004)~~
【分类号】：TP393.08

【相似文献】