
Research And Implementation Of Obfuscated Drive By Download Attack Detection Technology

Posted on: 2020-07-23
Degree: Master
Type: Thesis
Country: China
Candidate: Z M Zhang
Full Text: PDF
GTID: 2428330572472270
Subject: Information security

Abstract/Summary:
The diversity and ubiquity of the ways people obtain information over the network have made vulnerable Internet terminals the main route by which attackers silently compromise users through web Trojans. The JavaScript language is a core component of active, dynamic Web content on the Internet, but it also gives the many web Trojans behind drive-by downloads a means both to attack and to conceal themselves. Because the obfuscated code used in these attacks changes frequently, it makes malicious code detection research difficult. Static detection methods have proved to have a high false negative rate in practice, while dynamic behavior detection methods are expensive and their detection rate is limited by the malicious signature library.

This paper analyzes in depth the techniques and characteristics of obfuscated web Trojans, then proposes a malicious JavaScript detection model based on multi-byte code. The model uses the abstract syntax tree to obtain reconstructed code, extracts multi-byte code features from that code, and trains a classifier model with efficient machine learning technology. Finally, a malicious code detection system based on multi-byte code is designed and implemented, its effectiveness is verified, and the system is demonstrated and its functions validated.

The main research contents and results of the thesis are as follows:

A feature extraction method based on multi-byte code is proposed. The code is parsed into bytecode by the engine, and the semantic generalization produced by compiling and parsing the code is used to obtain multi-byte code features that can represent malicious JavaScript code.

A multi-byte-code-based detection model for obfuscated web pages is proposed. First, the code is parsed into an abstract syntax tree. The syntax tree is organized and reconstructed by traversing the tree structure, and the transformed syntax tree is used to generate semantically equivalent code whose behavior is clear. Multi-byte code features are then extracted from the reconstructed code and used to train the classifier model with efficient machine learning technology. A test environment is set up and experiments are designed to evaluate the proposed detection model.

A multi-byte-code-based detection system for obfuscated web Trojans is designed and developed, including the design and implementation of the system's functional modules. The detection system performs web Trojan detection on web page data using a model obtained by offline training.

The test results of the model show that the feature extraction method based on multi-byte code can effectively extract a multi-byte code set capable of characterizing malicious code. The model combines code refactoring with multi-byte code feature extraction to automatically capture effective features of obfuscated web Trojans. The evaluation of the system shows that the proposed model has better generalization ability.
Keywords/Search Tags: bytecode, drive by download, code obfuscation, detection, multilayer perceptron