Title :
A Web Page Malicious Code Detect Approach Based on Script Execution
Author :
Li, Zhi-Yong ; Tao, Ran ; Cai, Zhen-He ; Zhang, Hao
Author_Institution :
Sch. of Inf. Sci. & Technol., Beijing Inst. of Technol., Beijing, China
Abstract :
Web page malicious code detection is a crucial aspect of Internet security. Current Web page malicious codes detection work by checking for ¿signatures¿, which attempt to capture (syntactic) characteristics of the known malicious codes. This reliance on a syntactic approach makes such detectors vulnerable to code obfuscations, increasingly used by malicious codewriters, which alter syntactic prosperities of the malicious code without affecting their execution behavior significantly. This paper takes the position that the key to Webpage malicious code lies in their execution behavior. It proposes a script execution behavior feature based framework for analyzing propose of malicious codes and proving properties such as soundness and completeness of these malicious codes. Our approach analyses the script and confirms the script which contains malicious code by finding shell code, overflow behavior and hidden hyper link. As a concrete application of our approach,we show that the script execution behavior based Webpage malicious code detector can detect many known malicious code but also the newest malicious code.
Keywords :
Internet; security of data; Internet security; Web page malicious code detect approach; malicious codewriters; overflow behavior; script execution; shell code; signature checking; Computer hacking; Databases; Detectors; Information science; Internet; Joining processes; Payloads; Radio access networks; Spraying; Web pages; execution behavior; malicious code; script;
Conference_Titel :
Natural Computation, 2009. ICNC '09. Fifth International Conference on
Conference_Location :
Tianjin
Print_ISBN :
978-0-7695-3736-8
DOI :
10.1109/ICNC.2009.363
