
Research On Web Malicious Code Detecting Approaches Based On Data Mining

Posted on: 2013-11-27
Degree: Master
Type: Thesis
Country: China
Candidate: J X Bao
GTID: 2248330392957884
Subject: Information security
Abstract/Summary:

As web applications proliferate, web attacks are increasing. More and more malicious software spreads through web pages, and it is increasingly sophisticated. User security faces a huge threat, so studying how to detect malicious web code accurately and efficiently is of great significance. Because of their high false positive rate, traditional static detection methods, based on web content or URLs, lack practical applicability. Meanwhile, dynamic detection, which simulates a real running environment, struggles to achieve high performance because of its resource consumption.

The detection technology for malicious web code studied here is based on data mining: data mining produces a classification model with a lower false negative rate. The hope is that dynamic detection methods, combined with the classification model, can detect malicious web code with a low false positive rate and a low false negative rate. Through extensive research, the characteristics of malicious web code are summarized. Appropriate extraction techniques are used to extract these features: HTML features are extracted with the HTMLParser kit, regular expressions are used for preliminary extraction of JavaScript features, and an extended Rhino engine is then used to extract the obfuscated JavaScript. Because the Rhino engine provides only the core JavaScript functionality, techniques for extending the Rhino engine are studied. To generate the classification model, the Naïve Bayes algorithm is compared with the decision tree algorithm and the SVM algorithm; the adjustment of the false negative rate and false positive rate is also studied, and the classification results for HTML features are compared with those for JavaScript features.

The final classification model has been applied to the actual detection system with good detection results. The problems that arose during detection will continue to be studied and improved.
Keywords/Search Tags: malicious web code, data mining, static detection, scripting engine