Malicious Web Page Detection System Based On Classification Algorithm

With the advent of web2.0, due to its advantages of flexibility, ease of use and cross-platform, the B/S structure of the web application is used by people more commonly. Malicious web page attack followed Web application has become one of the main threat of the network security. Effectively detection of malicious web pages, especially for new emerging malicious Web page sample identification and detection timely, is an important content of research in the field of web security detection.This paper studies the main research result and techniques in the field of malicious webpage script attack from domestic and foreign experts, and finds that the existing malicious web detection technology based on the feature matching is difficult to identify the new emergence malicious web pages effectively, although it could detect known types of malicious web page quickly and accurately. In order to solve this problem, this paper presents the working direction in the study of malicious Webpage detection technology based on classification algorithm.This paper selected24attributes which could represent and identify the malicious web page from the normal webpages as the feature vector for classification experiments. We use the four kinds of classification learning algorithm which includes Naive Bayes、Decision Tree C4.5、 Classification and Regression Tree and Support Vector Machines to do the classification experiment, and the experimental results show that SVM has a good performance in the prediction of malicious Web page. Therefore, this paper chooses the SVM as the classification algorithm for our malicious Webpage detection system. Since the forms of new malicious webpage has increased continuously, and the standard SVM could not be able to detect the added samples of malicious web page, so we use an adaptive SVM algorithm to learn the features of new malicious webpage collection directly based on the current classification of malicious Webpage.Based on the above work, this paper proposes a malicious web page detection system based on classification algorithms which named CA-MWDS. Firstly, the system detects the known types of web dark links, malicious links and malicious scripts based on the URL black/white lists and the malicious script features base. Then, the system uses the SVM classifier based on the current training sample sets of malicious Webpage to detect the unknown type of webpage source which could not be detected by the first step. For the new emerging malicious Web page form, the system uses an adaptive SVM algorithm to learn the new webpage samples and update the current classifier, so the updated classifier identifies the new malicious webpages effectively. At the end of this paper, we conduct some specific experiments on the CA-MWDS system. The experimental results indicate that this system has a high accuracy rate and low false positive rate in the detection of malicious webpage, with an adaptive learning ability, and could detect emerging malicious Web page accurately at the same time. However, compared with the mature commercial anti-virus software, the CA-MWDS has a larger time cost, this will be an important aspect of our system optimization at late time.