摘要
在深入研究了客户端蜜罐的基础上,提出了动态与静态相结合的Web恶意代码检测方法,实现了Web恶意代码主动检测与分析系统(HoneyCat)。该系统主动对指定的网站进行检测,并对可疑的页面进行分析,通过动态跟踪检测IE进程对注册表和文件的操作以及其网络行为,发现是否存在可疑行为,然后对有可疑行为的网页进行静态分析。静态分析利用漏洞特征库定位恶意代码的准确位置和所利用的漏洞。对于无法识别所利用漏洞的页面生成一个分析文件,为手工分析提供帮助,有助于对漏洞的研究,并有机会发掘未知漏洞。经过测试发现该系统运行稳定,准确率高,能有效地检测出页面中的恶意代码。
Drawing on the idea of client honeypot,the paper proposed a Web malicious code detection method based on a combination of dynamic and static tests and implemented a system called HoneyCat to activly detect and analyze Web malicious code.The system tested a range of eligible sites and the corresponding suspicious URLs,by tracking registry,files,and network behavior to find the existence of suspicious behavior.Then the system analyzed the suspicious Web pages,located the exact location of malicious code and the vulnerabilities.To the vulnerabilities cannot be distinguished,the system generated a page for manual analysis and had chance to discover 0-day.The system ran stably and accurate after testing.
出处
《计算机应用》
CSCD
北大核心
2011年第A02期106-108,共3页
journal of Computer Applications
