
Design And Implementation Of Drive-by-Download Detection System Based On Behavior Analysis

Posted on: 2017-01-18
Degree: Master
Type: Thesis
Country: China
Candidate: C Wang
GTID: 2348330518495267
Subject: Computer technology
Abstract/Summary:
The Internet has developed rapidly and has changed the way people live. People enjoy the convenience of the Internet, but they also run the risk of being attacked by malicious attackers. In recent years a new kind of malicious code called Drive-by-Download has appeared. It is hidden in regular web sites, so that people are infected by it without knowing. Drive-by-Download can automatically download malicious programs to the local system and cause great harm. It is therefore necessary to strengthen research on Drive-by-Download detection technology. The paper introduces the concept and key technology of Drive-by-Download, Drive-by-Download and vulnerabilities, Drive-by-Download attack design, Drive-by-Download detection technology and the difficulties of Drive-by-Download defense, and the advantages and disadvantages of the various detection technologies. It then introduces the overall design of the system and its two subsystems.

The main work of this paper:

1. It analyzes the present state of Internet security and the harm caused by Drive-by-Download, and introduces Drive-by-Download, including the concept and key technology of Drive-by-Download, Drive-by-Download and vulnerabilities, Drive-by-Download attack design, Drive-by-Download detection technology and the difficulties of Drive-by-Download defense.

2. It introduces several popular detection techniques and compares their advantages and disadvantages.

3. It puts forward a detection method based on behavior analysis. The method obtains the behavior of web page code by resolving the code with a parsing engine for detecting web pages, and then analyzes the monitored behavior to determine whether the web page code is Drive-by-Download.

4. It designs and implements a Drive-by-Download detection system based on behavior analysis. First, the design of the system, the design of the two subsystems and the Behavior Rules Library are described. Then it elaborates the implementation of the page behavior extraction module, the sample collection module and the Drive-by-Download classification. The malicious sample behavior collected by the system is classified.

5. It tests and verifies the designed system. The test results reveal a problem in the system: part of the Drive-by-Download is not detected. According to the test results, the detection rate of the Drive-by-Download detection system is high and its false positive rate is low.
Keywords/Search Tags:Drive-by-Download, Web Behavior analysis, Parsing engine, detection system