| With the development of network, more and more people handle various affairs online. However, once users browsed malicious web pages, the private data of users may be disclosed. Users can’t identify malicious web pages. Because the existing technology of detecting malicious web pages is not mature, the study of malicious web pages detection is of great significance.Based on the analysis of web pages features, this dissertation proposes four types of new features including: URL lexical features, domain features, page content features and confused JavaScript code features. In addition, this dissertation puts forward the appropriate methods for extracting these features. In order to parse the script that containing DOM object and Ajax, this dissertation extends the function of Rhino.Support vector machine algorithm, decision tree algorithm, naive bayesian algorithm and logistic regression model are used in this dissertation to establish classification model. The dissertation uses these four classification models to perform the experiment. According to the results, the accuracy of the detection scheme based on combined features is higher than the detection scheme based on single feature. This dissertation chooses the support vector machine model as the core of static detecting module by making the comprehensive analysis for test results.This dissertation designs and implements a new method for detecting malicious web pages. The method uses both static detecting technology and dynamic detecting technology: for the unknown web page, the system first uses static detecting technology; if the detecting result is that this page is insecure web page, the system will use Capture-HPC to affirm the security of the web page. This way combines the advantage of static detecting method and advantage of dynamic detecting method. Finally, the system reaches higher detecting efficiency and higher detecting accuracy by the new method.In order to verify the effectiveness of the feature selection and extraction method that this dissertation proposed, we compare the results of our static detection module with three typical static detection systems. The dissertation analyses the final test results from three aspects: the accuracy, the false positive rate, the false negative rate. These results are compared with the detecting results of several antivirus softwares. The results show that the accuracy of the system reaches 92.5% and both the false positive rate and false negative rate achieve the desired level. The comprehensive results indicate that the proposed plan is effective. |
PDF Full Text Request