Title

以異常行為為基礎之即時惡意網頁偵測之研究

Parallel title

Malicious Web Page Detection Based on Anomaly Behavior

DOI

10.6188/JEB.2010.12(4).02

Authors

侯雍聰(Yung-Tsung Hou);陳嘉玫(Chia-Mei Chen)

Keywords

惡意網頁 (malicious web page); 下載 (download); 異常行為 (anomaly behavior); Malicious web page; Drive-by download; Anomaly behavior

Journal

電子商務學報

Volume and issue / Publication date

Vol. 13, No. 1 (2011/03/01)

Pages

117 - 134

Language

Traditional Chinese

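Chinese abstract

As Internet services become increasingly widespread, more and more web applications can be used directly through a web browser. However, most websites are developed with only limited security considerations, and hackers exploit vulnerabilities in web applications to inject malicious scripts into web pages; computers that browse these malicious pages become infected. Traditional malicious web page detection methods check the safety of a page by pattern matching, monitoring, or rewriting JavaScript code. These methods, however, cannot effectively detect malicious pages that have never been seen before, while some other methods use dynamic analysis to identify malicious pages. At present there is no client-side, real-time detection mechanism that can detect unknown malicious web pages. This paper therefore proposes a malicious web page detection mechanism. According to the observations of this study, malicious web pages exhibit unusual behavior that is clearly different from that of normal pages; this abnormal behavior is typically used to infect the victim host or to evade and confuse antivirus detection. These unusual behaviors make malicious web pages differ to some degree from normal benign pages. This study proposes a client-side malicious web page detection system based on anomaly behavior analysis, and uses model-based reasoning to describe and detect the particular semantics and features of malicious code in web pages. Based on model-based reasoning and anomaly behavior analysis, the proposed detection method can not only distinguish the behavioral differences between malicious and normal benign pages, but can also detect unknown malicious pages. The experimental results show that the proposed method can effectively identify malicious web pages and warn the page visitor.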

English abstract

Because of the convenience of the Internet, we rely heavily on it for information searching, sharing, forum discussion, and online services. However, most of the websites we visit are developed with limited security knowledge, which results in vulnerabilities in web applications. Hackers have successfully taken advantage of these vulnerabilities to inject malicious JavaScript into compromised web pages to trigger drive-by download attacks. Based on our observation, malicious web pages exhibit unusual behavior for evading detection, which makes them different from normal ones. Therefore, we propose a client-side malicious web page detection mechanism, Web Page Checker, which traces and analyzes anomaly behavior to identify malicious web pages. We also use a model-based reasoning method to describe and detect the malicious semantics of scripts in malicious web pages. The experimental results show that our method can identify malicious web pages correctly and alert website visitors efficiently.

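Subject classification

Humanities > Humanities (General)
Basic and Applied Sciences > Information Science
Basic and Applied Sciences > Statistics
Social Sciences > Social Sciences (General)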
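Times cited
  1. 黃正魁, 張簡雅文, 李明青 (2015). 以保險從業人員觀點探討保險業電子商務平台成功關鍵因素 [Exploring the critical success factors of insurance-industry e-commerce platforms from the perspective of insurance practitioners]. Electronic Commerce Studies, 13(3), 355-376.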