Research On Data Mining Applied In Dynamic Malicious Web Page Detection

With the development of computer science and Internet, we have got used toentertainment, shopping, working, e-commerce and other activities on the Internet, ofwhich browsing web pages occupy a large part. Meanwhile, criminals and hackers aretaking advantage of the network security vulnerabilities, such as malicious attack,invading user system. Malicious web page is one of the most serious problems, whichare threatening the Internet data security, and even causing serious economic losses.With the expanding of network security issues, static web analysis and clienthoneypot technology become most important research field of malicious web pagedetection. Honeypot is a technology that deceiving the intruder to get hackers’attacking methods, so as to protect the real host server system. Capture-HPC is a highinteractivity client honeypot, and it set up a virtual environment to simulate the realoperating systems and applications. The virtual system deliberately expose variousweaknesses or vulnerabilities, in order to lure intruders to attack, while the attackeractions made to the virtual system and behavior will be recorded in the honeypot log.The paper designs and implements a dynamic malicious web page detectionmodel, the model is based on data mining of the Capture-HPC honeypot log, to solvethe low detection efficiency and high false alarm rate problem of high interactivityclient honeypot. The detection model converts honeypot log into operation sequenceand mining sequence, and uses data mining algorithms to analyze massive log data, soas to optimize the malicious web page detection system, and analyze the attackmethod and behavioral characteristics.The paper focuses on three common data mining techniques: cluster analysis,association rule mining, and decision tree classifier, which effectively and reasonablyapplied in dynamic malicious web page detection model. The paper describes the modules of the model and specific design and implementation of them in detail. Italso makes an experiment to verify the design reasonableness of the detection model,the correctness of data mining algorithm selection, the effectiveness of modelapplication in the malicious web page detection, and obviousness of detection modeloptimization. In the practical application of the detection model, it has a stable andgood effect of malicious web page detection.