Web Malicious Script Detection Technology Research Based On Dynamic And Static Analysis

In recent years,along with the network technology unceasing enhancement,the Internet has deeply come into people's daily life.However,the network brings people convenience while it is also facing increasingly serious security problems.As the main channel between computer and internet,browser has become one of the most frequently used programs and the malicious web page has become the main way to spread malicious software.When malicious code invade user's computer system by using vulnerability of browser,the virus run in the background and steal personal information.Therefore,it's very important to detect and defense the JavaScript attack through web page.This paper presents a malicious webpage detection method based on dynamic and static analysis.To realize the feature extraction for dynamic analysis by SpiderMonkey engine and JavaScript Hijacking,use characteristic statistic and characteristic matching to realize the detection of malicious code.The research work mainly includes:At first,for the study of malicious script code,including attack object,hack way,code confusion,etc.Through an in-depth analysis of a large number of malicious script attacks on the web page,summarize the characteristics of malicious webpage,decide to use dynamic analysis technology to realize the feature extraction of encrypted code,combined with JavaScript hijacking and JavaScript engine to improve the detection accuracy of the system.Then,based on the SpiderMonkey script engine,using an open source framework,the prototype system was developed using Python language.The main modules of the system include: preprocessing module,web resource acquisition module,dynamic detection,static detection.The web resource acquisition module uses the Beautiful Soup to achieve the source of page.The dynamic detection module simulates the real running environment of JavaScript to complete the analysis of webpage script.Static detection module uses characteristic statistic method and YARA engine to carry out static rules matching to achieve the detection of malicious script.Finally,through the result of experiment shows the effectiveness and value of the system,comparing it with other online script testing tools,shows that the system has good performance on detection rate.