| With the rapid development of Internet, computer applications have penetrated into all areas of the society, provides us a lot of services and bring conveniences to our life and work. At the same time, information security has become an important issue. As the browser widely used, hackers use browser vulnerabilities and third-party software to deliver web Trojan and obtain system privileges, destroy and steal user information. It make the users interests a great loss.Web Trojan spreads fast and easily changes its forms. Traditional signal-based virus detection techniques are hard to detect web Trojan. It is necessary to find a new detection method.The difference between the web Trojan and the traditional Trojan is the browser. The web Trojan must use the browser. When the browser is triggering the malicious web page, web Trojan download the Trojan program by using the vulnerabilities, and achieve the destruction and theft of computer information purposes. Therefore, the paper firstly extract features of the static code characteristics and dynamic behavior characteristics and calculate threats by using the Multinomial event Model based on Bayes theory. The threats determine whether the web page program is a Trojan.The method takes static code characteristics and dynamic behavior characteristics, propose detection principle, uses the concept of information gaining to filter the characteristics, and describes the static code features and API call sequence feature extraction method, then details the API interception technology. The paper focuses on the events of Bayesian classification and polynomial model,using the model to determine whether the unknown web program is web Trojan. |
PDF Full Text Request