Similar literature
 20 similar documents found; search took 218 ms
1.
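Current methods for detecting web page Trojan-planting (drive-by download) attacks mainly rely on web page code signature matching and high-interaction virtual honeypots. The former struggles against code encryption and obfuscation, while the latter consumes substantial resources and is hard to deploy directly on clients. This paper proposes a new method for detecting drive-by download attacks based on tracking the HTTP session process. First, the HTTP sessions produced when users visit benign pages and drive-by pages are tracked, and the statistical features of the two are analysed and compared, including features of the session link tree and of the referenced domain names. Then, based on these session statistics and supervised machine learning, a classification model is built that can effectively identify the sessions of drive-by pages. Experiments show that the model achieves a 91.7% detection rate for drive-by download attacks with a 0.1% false positive rate.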

2.
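Starting from a proof of concept of a vulnerability exploit, WinDbg is used for reverse engineering to identify the characteristics of that class of attack, and detection code is written based on those characteristics. The detection code is then packaged into a DLL, and the DLL is injected into the web browser by means of a remote thread. The injected DLL intercepts the browser's APIs by code overwriting, so that the browser jumps to the detection code. The return value of the detection code when the browser opens a URL is used to decide whether that URL contains a web Trojan that attacks through the vulnerability. By deploying this technique across many virtual machines and checking web pages in bulk, a high-confidence blacklist of drive-by pages can be provided to antivirus vendors, search engines and others.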

3.
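IE7 attack code Hack.Exploit.Script.JS.Agent.ic; Alert level; Hacker attack code; Used in drive-by (Trojan-planted) web pages; Affected systems: Windows NT/2000/XP/2003. This is a piece of malicious attack code. When a user inadvertently opens a drive-by page containing this code, it breaks through the protections of the user's system, allowing various account-stealing Trojans and Trojan downloaders to get in easily.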

4.
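XSS attacks have long been a focus of attention in web information security and are the largest vulnerability in web security. In a cross-site scripting (XSS) attack, a malicious attacker inserts malicious HTML code into a Web page; when a user browses that page, the HTML code embedded in it is executed, achieving the attacker's particular goal of attacking the user. This paper mainly describes the mechanism and characteristics of XSS, focuses on analysing the detection of web page code and the characteristics of Trojans, and discusses corresponding countermeasures for these characteristics. The effect of the defences is demonstrated in a real environment, with the aim of fixing XSS vulnerabilities and greatly raising the security level of XSS defence on web sites.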

5.
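WANG Xin, WU Yang, LU Zhigang. Computer Science (《计算机科学》), 2018, 45(3): 124-130, 170
Internet applications have permeated every aspect of daily life, and malicious URLs are hard to guard against, posing a serious threat to people's property and privacy. Current mainstream defences rely mainly on blacklists, which have difficulty detecting URLs outside the blacklist. Introducing machine learning to improve malicious URL detection is therefore a major research direction, but it is limited mainly by the short-text nature of URLs, which leads to a narrow set of extracted features and hence poor detection performance. To address these challenges, a malicious URL detection system based on a threat intelligence platform is designed. The system extracts three types of features from the URL string (structural features, intelligence features and sensitive-word features) to train classifiers, then uses a multi-classifier voting mechanism to decide the class, and implements automatic updating of the threat intelligence. Experimental results show that the method detects malicious URLs with an accuracy of over 96%.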

6.
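In recent years, malicious web page detection has relied mainly on semantic analysis or emulated code execution to extract features, but such methods are complex to implement, require high computational overhead, and increase the attack surface. To address this, a deep-learning-based malicious web page detection method is proposed. It first uses simple regular expressions to extract semantics-independent tokens directly from static HTML documents, then uses a neural network model to capture locality representations of the document at multiple hierarchical spatial scales, making it possible to quickly find small malicious code fragments in web pages of arbitrary length. In comparative experiments against several baseline models and simplified models, the method achieves a 96.4% detection rate at a 0.1% false positive rate, obtaining better classification accuracy. The speed and accuracy of the method make it suitable for deployment on endpoints, firewalls and Web proxies.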

7.
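To address the high false negative rate, poor timeliness, inaccurate prediction and over-reliance on rules of existing techniques for detecting malicious cryptomining web pages, this article designs a detection model for malicious cryptomining web pages based on multi-feature recognition and a forensics method for such pages based on multi-level evidence preservation. By analysing the implementation and code characteristics of four kinds of mining pages (Coinhive, Jsecoin, Webmine and Crypto-loot), the detection model summarises their features and constructs a mining web...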

8.
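Current research on detecting drive-by download attacks concentrates on static and dynamic detection methods. However, with the widespread use of dynamic interaction and code obfuscation techniques in Web applications, static detection is no longer very effective, while dynamic detection often takes too much time. Building on a summary of current research on drive-by download detection, this paper proposes a method for detecting JavaScript redirection obfuscation in drive-by download attacks, and designs and implements it on the open-source JavaScript engine SpiderMonkey. The method can effectively solve the problem of JavaScript redirection obfuscation in drive-by download attacks, and can also serve as a low-interaction client honeypot used in combination with a high-interaction client honeypot to improve detection efficiency.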

9.
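WU Senyan, LUO Xi, WANG Weiping, QIN Yan. Journal of Software (《软件学报》), 2021, 32(9): 2916-2934
With the growing use of Web applications, the harm that malicious web pages cause to users while browsing is becoming increasingly serious. A malicious URL is one whose corresponding web page contains malicious code that harms users; it exploits vulnerabilities in the browser or its plug-ins to attack the user, causing the browser to download malware automatically. Based on a statistical analysis of the features of a large number of live malicious URLs, and with particular attention to detection-evasion features of malicious URLs such as redirection and client environment probing, 25 features are designed from three aspects (page content, JavaScript function arguments and Web session flow), and a malicious URL detection method based on multi-feature fusion and machine learning, HADMW, is proposed. Test results show that the method achieves 96.2% precision and 94.6% recall and can detect malicious URLs effectively. Compared with the detection results of open-source projects and security software, HADMW performs better.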

10.
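上网无忧电子眼 is a Web threat defence tool from Trend Micro that effectively and proactively protects your computer from Web threats and from infiltration by bot programs. The tool uses Trend Micro's revolutionary Internet real-time service (in-the-cloud) security technology to monitor web page requests. This real-time protection proactively scans for malicious threats from the Internet and keeps users from browsing websites that have been compromised, attacked or planted with Trojans.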

11.
Web spam denotes the manipulation of web pages with the sole intent to raise their position in search engine rankings. Since a better position in the rankings directly and positively affects the number of visits to a site, attackers use different techniques to boost their pages to higher ranks. In the best case, web spam pages are a nuisance that provide undeserved advertisement revenues to the page owners. In the worst case, these pages pose a threat to Internet users by hosting malicious content and launching drive-by attacks against unsuspecting victims. When successful, these drive-by attacks then install malware on the victims’ machines. In this paper, we introduce an approach to detect web spam pages in the list of results that are returned by a search engine. In a first step, we determine the importance of different page features to the ranking in search engine results. Based on this information, we develop a classification technique that uses important features to successfully distinguish spam sites from legitimate entries. By removing spam sites from the results, more slots are available to links that point to pages with useful content. Additionally, and more importantly, the threat posed by malicious web sites can be mitigated, reducing the risk for users to get infected by malicious code that spreads via drive-by attacks.

12.
The World Wide Web is a continuously growing giant, and within the next few years, Web contents will surely increase tremendously. Hence, there is a great requirement to have algorithms that could accurately classify Web pages. Automatic Web page classification is significantly different from traditional text classification because of the presence of additional information, provided by the HTML structure. Recently, several techniques have arisen from combinations of artificial intelligence and statistical approaches. However, it is not a simple matter to find an optimal classification technique for Web pages. This paper introduces a novel strategy for vertical Web page classification, which is called Classification using Multi-layered Domain Ontology (CMDO). It employs several Web mining techniques, and depends mainly on the proposed multi-layered domain ontology. In order to promote the classification accuracy, CMDO employs a distiller to reject pages related to other domains. CMDO also employs a novel classification technique, which is called Graph Based Classification (GBC). The proposed GBC has pioneering features that other techniques do not have, such as outlier rejection and pruning. Experimental results have shown that CMDO outperforms recent techniques as it introduces better precision, recall, and classification accuracy.

13.
Web Spam is one of the main difficulties that crawlers have to overcome and therefore one of the main problems of the WWW. There are several studies about characterising and detecting Web Spam pages. However, none of them deals with all the possible kinds of Web Spam. This paper shows an analysis of different kinds of Web Spam pages and identifies new elements that characterise them, to define heuristics which are able to partially detect them. We also discuss and explain several heuristics from the point of view of their effectiveness and computational efficiency. Taking them into account, we study several sets of heuristics and demonstrate how they improve the current results. Finally, we propose a new Web Spam detection system called SAAD (Spam Analyzer And Detector), which is based on the set of proposed heuristics and their use in a C4.5 classifier improved by means of Bagging and Boosting techniques. We have also tested our system on some well-known Web Spam datasets and we have found it to be very effective.

14.
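Classification of Chinese spam web pages based on content and link features   Total citations: 2, self-citations: 0, citations by others: 2
As search engines become ever more widely used, web spamming has become a major challenge for them. Researchers in China and abroad have proposed many anti-web-spam techniques, content-based and link-based among others, which can detect spam pages effectively to some extent. Building on previous work, this paper proposes a method that combines content and link features of web pages and uses machine learning to classify and detect Chinese spam web pages. Experimental results show that the method classifies Chinese spam web pages effectively.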

15.
To devise efficient approaches and tools for detecting malicious packages in the Android ecosystem, researchers are increasingly required to have a deep understanding of malware. There is thus a need to provide a framework for dissecting malware and locating malicious program fragments within app code in order to build a comprehensive dataset of malicious samples. Towards addressing this need, we propose in this work a tool-based approach called HookRanker, which provides ranked lists of potentially malicious packages based on the way malware behaviour code is triggered. With experiments on a ground truth of piggybacked apps, we are able to automatically locate the malicious packages from piggybacked Android apps with an accuracy@5 of 83.6% for such packages that are triggered through method invocations and an accuracy@5 of 82.2% for such packages that are triggered independently.

16.
Phishing attacks are being encountered in increasingly high volume every day due to attackers’ high financial returns. Recently, there has been significant interest in applying machine learning to phishing Web page detection. Unlike the existing literature, this paper introduces predicted labels of textual contents to be part of the features and proposes a novel framework for phishing Web page detection using hybrid features consisting of URL-based, Web-based, rule-based and textual content-based features. We achieve this framework by developing an efficient two-stage extreme learning machine (ELM). The first stage is to construct classification models on textual contents of Web pages using ELM. In particular, we take Optical Character Recognition (OCR) as an assistant tool to extract textual contents from image format Web pages in this stage. In the second stage, a classification model on hybrid features is developed by using a linear combination model-based ensemble ELMs (LC-ELMs), with the weights calculated by the generalized inverse. Experimental results indicate the proposed framework is promising for detecting phishing Web pages.

17.
Given a user keyword query, current Web search engines return a list of individual Web pages ranked by their "goodness" with respect to the query. Thus, the basic unit for search and retrieval is an individual page, even though information on a topic is often spread across multiple pages. This degrades the quality of search results, especially for long or uncorrelated (multitopic) queries (in which individual keywords rarely occur together in the same document), where a single page is unlikely to satisfy the user's information need. We propose a technique that, given a keyword query, on the fly generates new pages, called composed pages, which contain all query keywords. The composed pages are generated by extracting and stitching together relevant pieces from hyperlinked Web pages and retaining links to the original Web pages. To rank the composed pages, we consider both the hyperlink structure of the original pages and the associations between the keywords within each page. Furthermore, we present and experimentally evaluate heuristic algorithms to efficiently generate the top composed pages. The quality of our method is compared to current approaches by using user surveys. Finally, we also show how our techniques can be used to perform query-specific summarization of Web pages.

18.
Time plays important roles in Web search, because most Web pages contain temporal information and a lot of Web queries are time-related. How to integrate temporal information in Web search engines has been a research focus in recent years. However, traditional search engines have little support in processing temporal-textual Web queries. Aiming at solving this problem, in this paper, we concentrate on the extraction of the focused time for Web pages, which refers to the most appropriate time associated with Web pages, and then we used focused time to improve the search efficiency for time-sensitive queries. In particular, three critical issues are deeply studied in this paper. The first issue is to extract implicit temporal expressions from Web pages. The second one is to determine the focused time among all the extracted temporal information, and the last issue is to integrate focused time into a search engine. For the first issue, we propose a new dynamic approach to resolve the implicit temporal expressions in Web pages. For the second issue, we present a score model to determine the focused time for Web pages. Our score model takes into account both the frequency of temporal information in Web pages and the containment relationship among temporal information. For the third issue, we combine the textual similarity and the temporal similarity between queries and documents in the ranking process. To evaluate the effectiveness and efficiency of the proposed approaches, we build a prototype system called Time-Aware Search Engine (TASE). TASE is able to extract both the explicit and implicit temporal expressions for Web pages, and calculate the relevant score between Web pages and each temporal expression, and re-rank search results based on the temporal-textual relevance between Web pages and queries. Finally, we conduct experiments on real data sets. 
The results show that our approach has high accuracy in resolving implicit temporal expressions and extracting focused time, and has better ranking effectiveness for time-sensitive Web queries than its competitor algorithms.

19.
The security of computers and their networks is of crucial concern in the world today. One mechanism to safeguard information stored in database systems is an Intrusion Detection System (IDS). The purpose of intrusion detection in database systems is to detect malicious transactions that corrupt data. Recently, researchers have been working on using data mining techniques for detecting such malicious transactions in database systems. Their approach concentrates on mining data dependencies among data items. However, the transactions not compliant with these data dependencies are identified as malicious transactions. Algorithms that these approaches use for designing their data dependency miner have limitations. For instance, they need to experimentally determine appropriate settings for minimum support and related constraints, which does not necessarily lead to strong data dependencies. In this paper we propose a new data mining algorithm, called the Optimal Data Access Dependency Rule Mining (ODADRM), for designing a data dependency miner for our database IDS. ODADRM is an extension of the k-optimal rule discovery algorithm, which has been improved to be suitable for the database intrusion detection domain. ODADRM avoids many limitations of previous data dependency miner algorithms. As a result, our approach is able to track normal transactions and detect malicious ones more effectively than existing approaches.

20.
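Research on techniques for interaction between elements in Web pages   Total citations: 10, self-citations: 0, citations by others: 10
With the rapid development of the Web, the kinds of elements a Web page can contain keep increasing. A powerful Web application requires the elements within the same Web page to interact with one another. This paper presents, in a layered manner, several techniques for implementing interaction between elements in a Web page, and compares them.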
