Malicious Link Detection System Based On Support Vector Machines And Node Detection

The emergence of Web2.0 made the Internet been developed and spread rapidly in the world.With the AJAX technology,users were surprised to find that the static web pages they used to browse could change dynamically and interact with them.On this condition,Web applications based on C/S and B/S architecture have sprung up like mushrooms,which enriched people's network life greatly.However,the development of the Internet not only brought convenience,but also the increasingly serious problem of network security,malicious links are the most extensive and the most user closed of these problems.In recent years,with the rapid popularization of smart phones,mobile Internet has replaced the traditional Internet.People can stay on the mobile Internet through various applications in smart phones.Malicious links on the traditional Internet also spread to the mobile Internet with a large number of variants.Therefore,how to effectively detect malicious links as well as identify new kinds of malicious links is the current explore and research focus of domestic and foreign experts and scholars and network security workers.At present,firewall filtering and utilization of black/white list as well as feature matching are the main detection technology of malicious links,which have achieved good recognition results on the application of network security against malicious links for years,but needs specified sample to make filtering rules.Therefore,these programs are unable to identify the emergence of new forms of malicious links.However,under the current environment condition,the development of new technology and security defense for years have made hackers richer in attack experience,so malicious links attack was more and more frequent and rapid through code obfuscation by the link hiding technology and so on.On the contrary,traditional detection in solving these problems has become useless.Faced with this situation,this paper proposes a malicious link detection system(SN-MLDS)scheme based on support vector machines and DOM detection algorithm with the help of previous research results.The system is composed of data weighting module,black/white list detection module,detection module based on support vector machine and detection module based on DOM structure change.In the data weighting,this paper puts forward MSHASH-BF algorithm by combining the SimHash algorithm and the improved bloom filter,which is effective and rapid certificated by compare of 1 million weighting results for three algorithms usingIn classification learning detection module,we select classical classification algorithms such as Naive Bayesian and C4.5 and classification and regression tree as well as support vector machine algorithm.We abstract 36 attributes including structural features,character characteristics,account characteristics and moving characteristics as features vector classifier training set for classification.We made a series of comparative experiments to prove the potential of support vector machine in detecting malicious link.At the same time,in order to cope with the emergence of new malicious web links with the promise of applicability and recognition,we choose the adaptive support vector machine to update feature-learning model through new malware samples or links regularly to keep on improving the system the recognition.We also use a same-layer comparison algorithm of DOM nodes to abstract dark links on the web pages.By real-time monitoring of changes in the structure of DOM page and new DOM subtree extracting,malicious links will be matched with regular expressions.The extracted malicious links are used as samples to be tested for the two other modules.Finally,this paper tests the effect of the system on malicious link detection.After experimental verification,the MSHASH-BF data module in the data row weight to weight in time and effect has achieved good results.Besides,malicious link recognition results have improved with the help of closed-loop detection logic of black/white list filtering,adaptive support vector machine detection module and DSCD module detection.Although the effect of the system in detecting malicious links is improved,it still needs actual business inspection.Therefore,the stability,the cost of the system remains to be improved.At the same time,the network security problem is not just as simple as malicious link,malicious scripts,dangerous public opinion and so on all belong to it.Finding a way to expand and improve the system,so that it can solve more complex security problems is the next stage of this topic.