
Rule-based Detection Of And Defense Against Drive-by Downloads

Posted on: 2018-06-13
Degree: Master
Type: Thesis
Country: China
Candidate: R C Liu
Full Text: PDF
GTID: 2348330536479645
Subject: Software engineering
Abstract/Summary:
Nowadays the Internet is an essential part of our daily life because it speeds up communication and improves our quality of life. In the meantime, the Internet is also used to propagate malicious software. Delivering malicious software via web pages is a serious class of security threat. A drive-by download attack is malicious code injected into a web page that exploits flaws in a victim's browser and browser plugins to silently download and install malicious software on the victim's computer. In this thesis, the current state of research on drive-by download detection at home and abroad is reviewed. The mechanism, harm and status quo of drive-by download attacks are introduced. A drive-by download detection method combining static program analysis, dynamic program analysis and machine learning is proposed. To detect the acquisition of attack scripts and malicious heap manipulation in a drive-by download attack, the following features are extracted during dynamic program analysis: invocations of dynamic execution functions, invocations of dynamic generation functions, script insertion, frame insertion, URL redirection, string manipulation records related to these behaviors, and an indicator of the presence of malicious heap manipulation. The proposed method uses static program analysis to predict the absence of some of those features, which reduces the overhead of the dynamic program analysis. A machine learning algorithm is used to train a classifier that serves as the detection model. The design of a drive-by download attack detection and defense system and a prototype of that system are presented. At the end of the thesis an evaluation scheme is proposed. The experimental results prove that the proposed method is effective and combines static program analysis and dynamic program analysis in a good way.
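The pipeline the abstract describes, a static pre-filter that predicts which feature groups cannot occur so that dynamic hooks run only for the rest, followed by feature extraction over the dynamic trace and a classification step, as an added Python illustration that is not the thesis's code. The lexical cue patterns, the trace event format, the heap-manipulation thresholds and the fixed linear score that stands in for the trained classifier are all assumptions made for this example; the two scripts and the trace are constructed samples, not real pages.

```python
"""Static pre-filter plus dynamic-trace feature extraction for drive-by
download detection, following the feature groups named in the abstract.
Added illustration, not the thesis's code: cue patterns, event format,
thresholds and weights are assumptions chosen for the example."""
import re
from collections import Counter

FEATURE_GROUPS = ("dyn_exec", "dyn_gen", "script_insert", "frame_insert",
                  "url_redirect", "string_manip")

# Lexical cues per feature group (assumption: a feature can only occur at run
# time if one of its cues occurs in the source, so "no cue" predicts "absent").
STATIC_CUES = {
    "dyn_exec": re.compile(r"\beval\s*\(|\bnew\s+Function\s*\(|\bsetTimeout\s*\(\s*['\"]"),
    "dyn_gen": re.compile(r"document\.write(?:ln)?\s*\(|createElement\s*\("),
    "script_insert": re.compile(r"createElement\s*\(\s*['\"]script['\"]|<script", re.I),
    "frame_insert": re.compile(r"createElement\s*\(\s*['\"]iframe['\"]|<iframe", re.I),
    "url_redirect": re.compile(r"location(?:\.href)?\s*=(?!=)|location\.(?:assign|replace)\s*\("),
    "string_manip": re.compile(r"\bunescape\s*\(|fromCharCode\s*\(|\.replace\s*\(|\.split\s*\("),
}
# Computed member access such as window["ev"+"al"] hides call names from a
# lexical scan, so when it is present the static pass predicts nothing absent.
COMPUTED_ACCESS = re.compile(r"\b(?:window|self|top|this)\s*\[")


def static_prefilter(js_source):
    """Return the feature groups that static analysis could not rule out."""
    if COMPUTED_ACCESS.search(js_source):
        return set(FEATURE_GROUPS)
    return {g for g, pat in STATIC_CUES.items() if pat.search(js_source)}


# Runtime hook names as an instrumented browser might log them (assumption).
INVOKE_GROUP = {
    "eval": "dyn_exec", "Function": "dyn_exec", "setTimeout": "dyn_exec",
    "document.write": "dyn_gen", "document.createElement": "dyn_gen",
    "unescape": "string_manip", "String.fromCharCode": "string_manip",
    "String.prototype.replace": "string_manip",
    "location.assign": "url_redirect", "location.replace": "url_redirect",
    "location.href": "url_redirect",
}
HEAP_BLOCK_MIN_LEN = 64 * 1024  # an allocation this large counts as a block
HEAP_BLOCK_MIN_COUNT = 50       # this many equal-sized blocks -> heap manipulation


def extract_features(trace, candidate_groups):
    """Count behaviours in a dynamic trace; groups ruled out statically are not hooked."""
    counts = Counter()
    big_strings = Counter()  # allocation length -> number of such allocations
    for ev in trace:
        if ev["type"] == "invoke":
            group = INVOKE_GROUP.get(ev["name"])
            if group in candidate_groups:
                counts[group] += 1
        elif ev["type"] == "insert":  # DOM insertion of a created element
            group = {"script": "script_insert", "iframe": "frame_insert"}.get(ev["tag"].lower())
            if group in candidate_groups:
                counts[group] += 1
        elif ev["type"] == "string" and ev["len"] >= HEAP_BLOCK_MIN_LEN:
            big_strings[ev["len"]] += 1
    heap_manip = any(n >= HEAP_BLOCK_MIN_COUNT for n in big_strings.values())
    features = {g: counts[g] for g in FEATURE_GROUPS}
    features["heap_manip"] = int(heap_manip)
    return features


# Stand-in for the trained classifier: a fixed linear score (weights are assumptions).
WEIGHTS = {"dyn_exec": 1.0, "dyn_gen": 0.5, "script_insert": 1.0, "frame_insert": 1.5,
           "url_redirect": 0.5, "string_manip": 0.3, "heap_manip": 3.0}
THRESHOLD = 3.0


def analyze(js_source, run_dynamic):
    """Static pre-filter, then dynamic run only if something could not be ruled out.
    run_dynamic() stands in for executing the page in an instrumented browser."""
    candidates = static_prefilter(js_source)
    if not candidates:
        return {"verdict": "benign", "dynamic_skipped": True, "features": None}
    features = extract_features(run_dynamic(), candidates)
    score = sum(WEIGHTS[k] * v for k, v in features.items())
    return {"verdict": "malicious" if score >= THRESHOLD else "benign",
            "dynamic_skipped": False, "features": features, "score": score}


# Constructed samples (not real pages).
BENIGN_JS = 'var items = ["a", "b"]; for (var i = 0; i < items.length; i++) { show(items[i]); }'
SUSPECT_JS = """
var s = unescape("%u4141%u4141");
var block = s;
while (block.length < 0x10000) block += block;
var spray = [];
for (var i = 0; i < 200; i++) spray[i] = block + s;
var f = document.createElement("iframe");
f.src = "http://landing.example/";
document.body.appendChild(f);
"""
# Constructed trace an instrumented run of SUSPECT_JS might produce.
SUSPECT_TRACE = ([{"type": "invoke", "name": "unescape"},
                  {"type": "invoke", "name": "document.createElement"},
                  {"type": "insert", "tag": "iframe"}]
                 + [{"type": "string", "len": 0x10000 + 4}] * 200)

if __name__ == "__main__":
    print(analyze(BENIGN_JS, lambda: []))
    print(analyze(SUSPECT_JS, lambda: SUSPECT_TRACE))
```

The absence prediction is only as sound as the cue list: a group is skipped at run time when none of its cues appears, so every way of reaching the feature must have a cue, which is why computed member access disables the prediction entirely here. The heap indicator thresholds also need calibrating against benign pages that legitimately build large strings, otherwise the indicator dominates the score.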
Keywords/Search Tags: drive-by downloads, malicious code, program analysis, machine learning