The Design And Implements Of Browser Extension's Security Detection Technology

With the vigorous development of the Internet,browsers have become network tools that users frequently use to access network resources and enjoy various network services.The browser extensions,to provide users with more and more rich features.However,its security problems are endless.Although some existing security research on browser extensions and browser vendors have made a certain degree of prevention and control,the related technologies of malicious extensions have been rapidly changing.New types of malicious extensions have emerged as a new type that can bypass prevention and control measures.Security issues caused by malicious extensions need to be given high priority.Based on the research of malicious behavior of malicious extensions,this dissertation takes Chrome as an example,and proposes a method to detect malicious extensions based on the existing malware extension features as the main research object..First,we analyze the maliciousness of the extension source by constructing and matching the malicious code part of the malicious extension program in the malicious code library.we analyze the malicious code of the extended source code.Secondly,By dynamically expanding the program and monitoring the APIs invoked in the dynamic running of the extended program,the behavior sequence diagram is constructed to match the malicious behavior sequence diagram of the malicious extended program in the malicious feature library,and the maliciousness of the dynamic behavior of the extended program is analyzed.Static test results to determine the maliciousness of the extension to be detected.Finally,through the realization of the extended program safety detection method and the related experiments,the validity of the detection method is analyzed and verified.Finally,this article addresses the Chrome Extensions Marketplace application's auto-crawling,detection,and malicious extensions to the entire above approach.The experimental results show that the proposed browser extension security detection method can effectively detect the malicious malicious programs in the current mainstream.The experimental results show that the system can effectively detect malicious extensions on the application store,In the application store on the front of the test provides an effective test program.