
Research On Detection Techniques Of Webpage-Trojan Based On Dynamic High-interaction Honeypot

Posted on: 2014-01-15 | Degree: Master | Type: Thesis
Country: China | Candidate: M Deng | Full Text: PDF
GTID: 2248330398970905 | Subject: Computer technology
Abstract/Summary:
With the advance of computer technology, the Internet has become an indispensable part of work, study and everyday life. With the rapid development of the Internet, webpages have gradually become the main way to publish and obtain information, and the Web application has become the center of interaction for network information. While the mass of webpages brings rich information to people, it also brings potential security problems. Hackers exploit vulnerabilities in software and operating systems and then embed malicious code in webpages, which makes the webpage a carrier for the rampant spread of Trojans and viruses.

How to detect the Webpage-Trojan quickly and accurately has become a network security problem that urgently needs to be solved. First, this paper analyzes in depth the formation mechanism of the Webpage-Trojan and its means of attack, and then studies the means of planting Trojans in webpages ("hanging a horse") and of vulnerability exploitation. On that basis, this paper compares and analyzes detection methods for the Webpage-Trojan. Following this study of the Webpage-Trojan, the high-interaction virtual honeypot is introduced in response to the flaws in current detection methods, and this paper applies this technology to detect the Webpage-Trojan.

Many problems arise when the high-interaction virtual honeypot is applied to Webpage-Trojan detection, so this paper puts forward a twin-engine detection scheme, consisting of a static Webpage-Trojan scanning engine and a Webpage-Trojan detection engine based on a dynamic high-interaction honeypot, to resolve the time-consuming nature of the high-interaction honeypot and so improve the detection speed of the whole system. To improve detection speed while guaranteeing detection accuracy, this paper gives a method which combines the finite-state automaton with high-interaction honeypot technology. At the same time, this paper studies the System Service Descriptor Table (SSDT) and proposes a detection method based on the kernel SSDT.

Finally, this paper presents a detailed test scheme and selects many tools to test many webpages. The test results show that the system designed in this paper can meet the design requirements.
Keywords/Search Tags: Webpage-Trojan, high-interaction honeypot, finite-state machine, drive-by download, SSDT