Malicious Webpage Detection System Based On Script Engine

In recent years, with the rapid development of the Internet and the popularity of Webapplications, the Internet has been integrated into the daily life of people. However, whilesurfing the Internet, the users become the attacker’s targets. At present, malicious webpagehas become the best form of malware spread. After invaded a website, legitimate web pagesinjected with malicious scripts by hackers. When users are tricked into clicking through to amalicious webpage, malicious codes may exploit browser vulnerabilities and installation of amalware binary on the victim’s machine. Often these programs steal user’s privacyinformation in the background or control user’s computer. If a user visits to these webpage, itmay cause leakage of information and economic losses. Malicious webpage poses a seriousthreat to the information security of Internet users.This paper presents a malicious webpage detection method based on JavaScript engine.To realize the feature extraction by extend JavaScript engine, us machine-learning techniquesto generate classification model and realize the detection of malicious webpage. Specificresearch activities include the followings:（1）At first, study the technology of malicious webpage, includes: redirection, JavaScriptobfuscation, heap spray, exploit; Selecte features to detection malicious webpage by analysisof a large number of malicious webpage. Through dynamic execution JavaScript in the page,can extraction feature from confusion script code, features extraction method based JavaScriptengine to improve the detection accuracy of the system.（2）Based on Rhino engine, using open source software, developed a system by Javalanguage. Detecting system includes: preprocessing module, page parsing module, featureextraction module, detection module, query module. Page parsing module uses HtmlUnitrealize the processing of dynamic pages; feature extraction module implements the detectionof DOM objects and built-in function; detection module provides multiple classifiers toachieve detection of malicious web pages; users can obtain testing report by the querymodule.（3）Through experiments, completed the parameter adjustment of classifier; comparedthe performance of naive Bayes, decision trees and support vector machine classifier; The system is compared with other antivirus software, The experimental result shows that thedetection system has a low rate of false negative, can complete the detection of maliciouswebpage effective.Malicious webpage detection system can be applied to the search engine, to protect theinformation security of Internet users. Detection system provides analysis report, can be usedby security analysts working to study and analyze the malicious webpage.