To counter the hiding mechanisms that web page Trojans implement through dynamically generated embedded links and code obfuscation, a web page Trojan detection method based entirely on the dynamic view of a web page is established. The method is built around a script execution engine, augmented with specific anti-obfuscation and embedded-link identification mechanisms. It dynamically executes the scripts in a page against a partial emulation of the Document Object Model, combines this with recursive analysis of embedded pages to reconstruct the dynamic view of the web page, and performs Trojan detection on that reconstructed view. A prototype system was implemented on the framework of the open-source tool PHoneyC and used to test 89 web page Trojan samples. The results show that the detection rate of this method is 70.8%, higher than the 29.2% of the single-page method and the 43.8% of the method based on the static page view.
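The contrast between the static view and the reconstructed dynamic view can be shown with a small added sketch; it is not PHoneyC code or the paper's prototype. The page set, URLs, stub `document` object and function names are all constructed for illustration, and only absolute frame URLs are handled.

```javascript
// Constructed in-memory pages (URL -> HTML); every URL and script here is made up.
const PAGES = {
  'http://site.example/index.html': `<html><body><script>
    var p = ['<ifr', 'ame src="http://site.example/', 'inner.html"></ifr', 'ame>'];
    document.write(p.join(''));
  </script></body></html>`,
  'http://site.example/inner.html': `<html><body><script>
    document.write(unescape('%3Ciframe%20src%3D%22http%3A//cdn.example/leaf.html%22%3E%3C/iframe%3E'));
  </script></body></html>`,
  'http://cdn.example/leaf.html': '<html><body>leaf</body></html>',
};

const FRAME_RE = /<i?frame\b[^>]*?\bsrc\s*=\s*["']([^"']+)["']/gi;
const SCRIPT_RE = /<script\b[^>]*>([\s\S]*?)<\/script>/gi;

// Static view: frame links visible in the markup as delivered.
function staticLinks(html) {
  return [...html.matchAll(FRAME_RE)].map((m) => m[1]);
}

// Run inline scripts against a stub document and collect what they write.
// new Function is not a sandbox: use only on constructed input; real samples
// need an isolated script engine.
function generatedMarkup(html) {
  let out = '';
  const document = { write: (s) => { out += String(s); } };
  document.writeln = (s) => document.write(s + '\n');
  for (const m of html.matchAll(SCRIPT_RE)) {
    try {
      new Function('document', 'window', m[1])(document, { document });
    } catch (e) { /* script needs DOM features the stub lacks; skip it */ }
  }
  return out;
}

// Dynamic view: follow static and script-generated frame links recursively.
function dynamicView(url, pages, seen = new Set(), depth = 0, maxDepth = 5) {
  if (seen.has(url) || depth > maxDepth || !(url in pages)) return seen;
  seen.add(url);
  const html = pages[url];
  for (const link of [...staticLinks(html), ...staticLinks(generatedMarkup(html))]) {
    dynamicView(link, pages, seen, depth + 1, maxDepth);
  }
  return seen;
}
```

On the constructed pages, the static view of the entry page contains no frame link at all, while the dynamic view reaches all three pages, including the leaf that is only referenced through an escaped string.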