关键词: 挂马网页，HTTP会话，决策树，机器学习

Abstract: Malicious Web pages impose increasing threats on Web security in recent years. Currently, there are mainly two client side protection approaches including anti-virus software packages and blacklists of malicious sites. Anti-virus techniques commonly use signaturcbased approaches which might not be able to efficiently identify malicious HTMI codes with encryption and obfuscation. Furthermore, blacklisting techniques are difficult to keep up-to-date. This paper presented a novel classification method for real-time detecting malicious Web pages which is independent with the contents of Web pages. Our approach characterizes malicious Web pages using HTTP session information. With representafive statistical features and decision tree algorithm in machine learning,we built an effective classification model for online real-time detecting malicious Web pages. Experiment results demonstrate that we arc able to successfully detect 89. 7% of the malicious Web pages with a low false positive rate of 0. 3%.

Key words: Malicious Web pages,HTTP session,Decision tree,Machine learning