Title :
Malicious Web Pages Detection Based on Abnormal Visibility Recognition
Author :
Liang, Bin ; Huang, Jianjun ; Liu, Fang ; Wang, Dawei ; Dong, Daxiang ; Liang, Zhaohui
Author_Institution :
Sch. of Inf., Renmin Univ. of China, Beijing
Abstract :
In recent years, Web sites have already become the attackers´ main target. When attackers embed malicious code in the Web pages, they generally change the display mode of the corresponding HTML tags to make the display effect of malicious code invisible or almost invisible to the browser users. In this paper, the concept of abnormal visibility is proposed to describe the display feature setting of malicious code embedded. According to the concept, a malicious code detection method based on abnormal visibility recognition is designed and a prototype system is implemented. Compared to traditional methods and systems, the method has higher efficiency and less maintenance cost. Besides, a special-purpose JavaScript interpreter is implemented to get the execution output of browser-end scripts that are often used to generate malicious code dynamically by attackers. Experiments show that this system can detect most of the malicious Web pages efficiently and at the same time locate the malicious code in the source code accurately.
Keywords :
Java; Web sites; invasive software; HTML tags; JavaScript interpreter; Web sites; abnormal visibility recognition; browser users; browser-end scripts; malicious Web pages detection; malicious code; Costs; Data engineering; Displays; Fingerprint recognition; HTML; Invasive software; Java; Laboratories; Prototypes; Web pages;
Conference_Titel :
E-Business and Information System Security, 2009. EBISS '09. International Conference on
Conference_Location :
Wuhan
Print_ISBN :
978-1-4244-2909-7
Electronic_ISBN :
978-1-4244-2910-3
DOI :
10.1109/EBISS.2009.5138008
