| Network has been an indispensable part of modern society. With the rapid development of network, the challenge of network security is increasing. Drive-by download attack is a common type of network threat, which has threatened the network information security as it hides well and spreads fast. The web pages attacked by this method are called malicious web pages. Researching the detection technology of drive-by download can reduce the harm of malicious web pages and protect users’ interests.There are two main detection means of drive-by download attack, dynamic detection and static detection. Dynamic detection has high accuracy but takes long time when the scale is large. As the number of benign web pages is much larger than that of malicious web pages in the Internet, dynamic detection is inefficient.This paper researches on script analysis technology for static detection of malicious web pages, with the purpose to filter out benign web page quickly and save time for the next dynamic detection. This paper first studies the common means of drive-by download attack including the latest means using Flash, then concludes the exceptional code characteristics and URL characteristics. Based on this, the paper analyzes a large number of samples of both malicious and benign web pages statistically and trained the date with several kinds of classification algorithm of data mining.After analyzing and comparing the index of different classification algorithms, the page finally chooses the decision tree as the static detection algorithm to develop a prototype system on fast filter of malicious web pages. The test results show that this prototype system can filter out large numbers of benign web pages with low false negative rate. So the system is effective and feasible. |
PDF Full Text Request