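Rule-Based Detection and Defense of Web Page Trojans
Published: 2018-06-27 01:52
Topics: web page Trojan + malicious code; Reference: Nanjing University of Posts and Telecommunications, 2017 master's thesis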
[Abstract]: Today the Internet has become an important part of our daily lives; it not only makes communication faster but also brings many conveniences. At the same time, the Internet is exploited as a channel for spreading malicious programs, and distributing malicious programs through web pages has become a serious class of security threat. A web page Trojan is malicious code injected into a web page that exploits vulnerabilities in the browser and its plug-ins to make the victim's system silently download and install malicious programs. This thesis surveys domestic and international research on web page Trojan detection and defense, and introduces the mechanism, harm and current state of web page Trojan attacks. It proposes a rule-based web page Trojan detection method that combines static program analysis, dynamic program analysis and machine learning. The method targets two behaviors in a web page Trojan attack: acquisition of the attack script on the landing page, and malicious manipulation of heap memory. Through dynamic program analysis it monitors dynamic-execution function calls, dynamic-generation function calls, script insertion, page insertion and page redirection, and extracts these events and their associated string-operation records, together with an indicator used to judge malicious heap memory manipulation, as features. The method uses static program analysis to determine in advance which features will not appear, reducing the runtime overhead of dynamic program analysis. Based on the features extracted by dynamic program analysis, the method uses machine learning algorithms to train a classifier as the detection model. The thesis presents the design of a web page Trojan detection and defense system and the implementation of a system prototype. Finally, an experimental plan is drawn up; the experimental results show that the method achieves good detection performance and effectively combines static program analysis with dynamic program analysis.
[Degree-granting institution]: Nanjing University of Posts and Telecommunications
[Degree level]: Master's
[Year degree granted]: 2017
[Classification number]: TP393.08