The Design And Implementation Of The System Of Browser Malicious Web Page Detecting For The Linux

With the development of Internet technology, the increasing in the number of Internet users, the popularity of various operating systems such as windows, Linux, people’s lifestyle has changed. The traditional social, commercial, and other transfer to the Internet platform. Because of this, the Internet has become a new platform for illegal crime, such as Fishing, Trojan and XSS etc. In the process of surfing the Internet, if users fall into the trap, they have no security at all. This cause serious harm to the user’s privacy and benefits.Due to the support of the nation to the domestic operating system based on linux, government officias issue instructions about "must use the domestic operating system replace Microsoft operating system". However, in the Windows operating system there are a number of protection tools, but the domestic operating system is based on Linux, there are few in the Linux operating system and Linux has a wide variety of browsers and versions. With the increasing of Linux users, the attendant is the problem of network security. Browser is one of the most popular Internet access, malicious attacks are also achieved through the browser platform. So a malicious web page detection system based on Linux is necess ary.In this paper, we take a detector to URL, JS script and downloaded files for the web page. Combining a dynamic and static state detecting method, the detection ability of the known and unknown malicious web pages is guaranteed. First, through the extensin of the browser monitor events of browers.When browsing the web, intercepte URL and analysis its structure, feature in the plug-in. Then it has black and white list detection, feature vector detection and phishing attacks detection based similarity. If download the file during the browser, get the download directory, run a detection based on md5 and smd5. At the end execute the cross site scripting attack detection, by intecting the open source firefox and hooking the critical functions, hooking callback functions use extended development of Javascript Engine of Spider Monkey to analysis JS script. In this process, b y marking and tracking of the tainted data, anilysis the destination address whether meets homologous strategy, whether leak sensitive data to a third party, and then judge whether has the cross site scripting attacks. If the page is malicious, it will remind the user whether to continue to visit.Finally, through a series of functional testing, performance testing, compatibility testing, ensure the system can be achieved the customer’s expectations to meet the requirements of the URL, downloaded files, XSS detectiion and be able to maintain high availability and stability.