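Rule-Based Detection and Defense of Web Trojans
Published: 2018-06-27 01:52
Topic of this thesis: web Trojan + malicious code; Reference: Nanjing University of Posts and Telecommunications, 2017 master's thesis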
[Abstract]: Today the Internet has become an important part of daily life; it makes communication faster and brings many conveniences. At the same time, the Internet is also used as a channel for spreading malicious programs. Distributing malicious programs through web pages has become a serious class of security threat. A web Trojan is malicious code injected into a web page that exploits vulnerabilities in the browser and its plug-ins to make the victim's system silently download and install malicious programs. This thesis surveys domestic and international research on web Trojan detection and defense, and introduces the mechanism, harm and current state of web Trojan attacks. It proposes a rule-based web Trojan detection method that combines static program analysis, dynamic program analysis and machine learning. The method targets two behaviors in a web Trojan attack: the fetching of attack scripts on the landing page, and malicious manipulation of heap memory. Through dynamic program analysis it monitors dynamic-execution function calls, dynamic function-generation calls, script insertion, page insertion and page redirection, and extracts these, together with the associated string operation records and a metric for judging malicious heap memory manipulation, as features. The method uses static program analysis to determine in advance which features will not appear, which reduces the runtime overhead of dynamic program analysis. Based on the features extracted by dynamic program analysis, the method trains a classifier with machine learning algorithms as the detection model. The thesis presents the design of a web Trojan detection and defense system and the implementation of a system prototype. Finally, the thesis lays out an experimental plan; the experimental results show that the method achieves good detection performance and effectively combines static program analysis with dynamic program analysis.
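[Degree-granting institution]: Nanjing University of Posts and Telecommunications
[Degree level]: Master's
[Year degree granted]: 2017
[Classification number]: TP393.08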
Article ID: 2072219
Article link: https://www.wllwen.com/guanlilunwen/ydhl/2072219.html