| Internet development promotes a large number of malicious web pages, and malicious webpages attack is becoming the main form of Internet attack. Today's behavior-based detection methods of malicious webpages are based on honeypot or sandbox technology. These methods can detect only a webpage one time,or it can't distinguish the malicious behaviour belongs to which webpage, so the efficiency and accuracy is very low,and it can't satisfy the emergence of a large number of malicious Web page testing requirements.This paper proposed an malicious webpage behavior detection based on BHO(browser helper object) technology, this method can get all IE's event through BHO technology, and get all IE's special behavior when we visit a malicious webpages through Api Hook technology in BHO module.And a detect system is designed based on this method.This paper first introduces the system's detail architecture,and each submoudle's procedure.Then this paper analyzes the IE browser's specific behavior when user visits a malicious Web page,and how to capture these behavior in BHO module.Finally, the paper uses of machine learning (SVM) method to get a malicious webpage judgement model through training the sample data extracted by our system from some malicious webpages. Through the system's efficiency and accuracy testing and analysis, the final results show that Web-based malicious BHO behavior detection technology's efficiency is better than some other malweb detection systems.and the accuracy rate is also very effective. |
PDF Full Text Request