COMPUTER ENGINEERING AND DESIGN
2014, No. 8, pp. 2633-2639 (7 pages)
malicious Web pages; high obfuscation; browser hook; dynamic detection; feature matching
Web-page trojans are growing in number, and the obfuscation and detection-evasion techniques they use keep changing. To address this, a de-obfuscation method based on hooking key browser functions is proposed: it obtains the de-obfuscated code without actually executing the malicious code on the system. On this basis, a Web-page trojan detection system is built that combines medium-interaction analysis in the hooked browser with dynamic verification as the primary method and static signature matching as a supplement. Experimental results show that the system detects a wide range of highly obfuscated Web-page trojans more effectively than existing approaches, with higher accuracy, broader generality and better performance.