Design And Testing Of Malicious Url Real-Time Detecting System Working In The Mode Of Cloud Security

With the rapid development of computer technology, Internet has been integrated into all aspects of people’s lives. While people enjoying the convenience brought by network, they also encounter some unprecedented challenges. More and more people are attacked by the malicious web page while they are surfing the Internet, and trojan and phishing webpage are the main attack.In reaction to this phenomenon, combined with the current popular detection techniques, this article proposes a malicious URL real-time detection system working in the mode of cloud security, and describes its testing detail. The system is backed by a strong knowledge base, applying AC algorithm to match the trojan webpage and TF-IDF Cosine algorithm to match the phishing webpage. Through the combination of the engine and real-time updating of the signature database, the system can detect and cut off the webpage visit in real-time, and distribute the result to every point in the cloud security architecture. Actual results indicate that by deploying the system in carrier networks, phishing webpages and trojan webpages can be effectively blocked, which protect the user’s Internet security in the greatest degree.Specific research work in this paper is as follows:1. Researching the status of the Internet security, elaborating the background and meaning of this research project, and making a preliminary introduction of the cloud security technology2. Introducing the basic knowledge and key technology applied in the system, including the concept and attack styles of the trojan/phishing webpages, and their detecting techniques and algorithm research.Beyond that, the article also explain the knowledge of protocol reassembling,which lay the theoretical foundation for the system designing.3. Giving the design proposal of the whole system and its sub-module,applying the scheme of "blacklist and feature matching" to detect the trojan webpage and "black/white list and page similarity matching" to detect the phishing webpage, and making a detailed description of the knowledge base and architecture of the cloud security.4. Introducing the testing work in detail, including the testing plan, testing case, the tools used in the testing procedure and the set-up of the test environment,finally applying the method of agility test to test the system.