Malicious Web Page Detection System Based On On-line Learning Algorithm

The Internet has become an indispensable tool in life. Every day we browse the Internet using a web browser, but the computers connected to a network are at the risk of being attacked remotely. As the web browser accesses the content from a malicious web server, the server returns a malicious page that attacks the browser. If the attack is successful, the web server could install any program on the client machine. Currently web browser is the most vulnerable client to be attacked, so malicious web are posing a serious threat to the security of the client machine.The methods to detect malicious web include Client Honeypot, Static detection algorithms and detection method based on Machine Learning. Client Honeypot interactive with web server using browser initiatively, meanwhile, it monitor the changes on processes, register, files in the operator system. If there is an illicit state change on the operator system after the interaction between client and web server, the web server is malicious. Static detection algorithms, such as Pattern Matching, Static Code Analysis and Heuristic Rules, are methods to detect the code of web page. Client Honeypot is more accurate than Static detection algorithms, a benign page will not be mistaken as a malicious web page. But Client Honeypot has obvious shortcomings, its detection speed is low, and need more resources. Static detection algorithms are very fast, but their mistaken rate is high, and cannot detect unknown attack. The main work of Machine Learning detection method is to extract the feature of pages, and train the classifiers by the sample to detect malicious web page. This method not only detects fast, but also has good predictive ability. Moreover, On-line Learning algorithms are more suitable for malicious web detection system than Batch Learning algorithms.This paper extracts URL features of web page, uses On-line Learning algorithms training efficient classifiers and implements a real-time detection system for malicious web page with one classifier. Then we do experiments, analysis the results and find the inadequacies of the system. Then we work out an improved method, which can enhance the effect of the system further. At last, we design a semi-supervised learning system model.