| With the rapid development of world wide web, studying and working via Internet is playing a more and more important role in people’s daily life. Using Internet to find information or read news by browsing web pages is one of the most significant ways. However, the variety of network threats, such as web worms, viruses, malicious scripts, phishing sites and spam, are disturbing the order of Internet, which do a great harm to users’ privacy and property safety. Therefore, it is imminent to protect the safety of Internet users and clear the network threats.Trend Micro’s malicious webpage decision system(MPDS) is a product proposed for protecting users from variety of web-based threats when visiting web pages. It is the core project in Trend Micro which is composed of two main modules:browser exploit prevention (BEP) module and script analyzer lineup (SAL) module, designed and implemented by Core Tech Department.This thesis describes system architecture of MPDS, as well as the design and implementation of the modules MPDS consists in detail. Firstly, it describes system architecture of MPDS and the function of main modules by illustrating the overall flow chart of whole system; and then, deeply introduces the BEP module, including BEP server and BEP’s browser plug-in. When introducing BEP server, it focus on the role and process flow of the server, and when introducing BEP’s browser plug-in, it focus on the hooking point; following that it describes SAL module in detail, including the two layers filter mechanism and twice scan, and the thesis highlights the dynamic scan of the twice scan; then, introduces the deploy environment of automation test, in addition to Metasploit test, function test and performance test. At last the thesis makes a brief summary, and points out the part of the system needs to be improved. |
PDF Full Text Request