计算机科学 ›› 2016, Vol. 43 ›› Issue (8): 110-113.doi: 10.11896/j.issn.1002-137X.2016.08.023
李道丰,黄凡玲,刘水祥,黄安妮
LI Dao-feng, HUANG Fan-ling, LIU Shui-xiang and HUANG An-ni
摘要: 在Web安全问题的研究中,如何提高Web恶意代码的检测效率一直是Web恶意代码检测方法研究中需要解决的问题。为此,针对跨站脚本漏洞、ActiveX控件漏洞和Web Shellcode方面的检测,提出一种基于行为语义分析的Web恶意代码检测机制。通过对上述漏洞的行为和语义进行分析,提取行为特征,构建Web客户端脚本解析引擎和Web Shellcode检测引擎,实现对跨站脚本漏洞、ActiveX控件漏洞和Web Shellcode等的正确检测,以及对Web Shellcode攻击行为进行取证的功能。实验分析结果表明,新的Web恶意代码检测机制具有检测能力强、漏检率低的性能。
| [1] Gu Xiao-dan,Yang Ming,Luo Jun-zhou,et al.Website Fingerprinting Attack Based on Hyperlink Relations[J].Chinese Journal of Computers,2015,8(4):831-845(in Chinese) 顾晓丹,杨明,罗军舟,等.针对SSH匿名流量的网站指纹攻击方法[J].计算机学报,2015,8(4):831-845 [2] Kolbitsch C,Livshits B,Zorn B,et al.Rozzle:De-cloaking internet malware[C]∥2012 IEEE Symposium on Security and Privacy (SP) .IEEE,2012:443-457 [3] Labuschagne W A,Eloff M M.Towards an automated security awareness system in a virtualized environment[C]∥European Conference on Information Warfare and Security.2012:163-171 [4] Lu G,Chadha K,Debray S.A simple client-side defense against environment-dependent web-based malware[C]∥2013 8th International Conference on Malicious and Unwanted Software:“The Americas”(MALWARE).IEEE,2013:124-131 [5] Borgolte K,Kruegel C,Vigna G.Delta:automatic identification of unknown Web-based infection campaigns[C]∥Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security.ACM,2013:109-120 [6] Chang J,Venkatasubramanian K K,West A G,et al.Analyzing and defending against web-based malware[J].ACM Computing Surveys (CSUR),2013,45(4):1-35 [7] Gu B,Zhang W,Bai X,et al.JSGuard:Shellcode Detection inJavaScript[M]∥Security and Privacy in Communication Networks.Springer Berlin Heidelberg,2013:112-130 [8] Khodaverdi J.Enhancing the Effectiveness of Shellcode Detection by New Run-time Heuristics[J].International Journal of Computer Science,2013,3(2):2-11 [9] Zhang Hui-lin,Zou Wei,Han Xin-hui.Drive-by-Download Me-chanisms and defenses[J].Journal of Software,2013,4(4):843-858(in Chinese) 张慧琳,邹维,韩心慧.网页木马机理与防御技术[J].软件学报,2013,4(4):843-858 [10] Invernizzi L,Comparetti P M,Benvenuti S,et al.Evilseed:Aguided approach to finding malicious web pages[C]∥2012 IEEE Symposium on Security and Privacy (SP).IEEE,2012:428-442 [11] Kapravelos A,Shoshitaishvili Y,Cova M,et al.Revolver:AnAutomated Approach to the Detection of Evasive Web-based Malware[C]∥USENIX Security.2013:637-652 [12] Nazario J.PhoneyC:A virtual client honeypot[C]∥Proc.of the 2nd USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET).Berkeley:USENIX Association,2009 |
| No related articles found! |
|
||
首页